Privacy policy.
Policy in a Nutshell: Our Commitment to You
We take your personal data seriously, especially sensitive health information, and process it to provide our services and products. We collect your data directly from you and through our website or online forms.
We use trusted third-party providers for essential business operations, including feedback, information collection and engagement (Qualtrics), and for managing training plans and scheduling (e.g., ABC Trainerize and Squarespace).
We only process your data for valid legal reasons, such as to fulfill our contract with you, for legitimate business interests, or to meet a legal obligation.
We will seek your explicit consent to process your sensitive health data.
Under UK data protection law, you have several rights, including the right to access, rectify, or erase your personal data
1. Introduction
Peak Agility takes your privacy seriously. This privacy notice explains how we collect, use, and process your personal data, particularly sensitive health information, to deliver our services. This policy is in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
2. Who We Are
Data Controller: Peak Agility, a brand operating under Regenerative Playtime.
Contact Details: All enquiries privacy@peakagility.co.uk
Data Protection Officer (DPO): The founder and company Director are responsible for data protection compliance and can be contacted at privacy@peakagility.co.uk].
3. The Personal Data We Collect and Process
We may collect and process various types of personal data to provide our services and products. This includes but is not limited to:
Standard Personal Data: Your name, contact details (address, phone number, email), date of birth, gender, and payment information.
Experience Data: This information relates to what you have been working on so far or have spent time practicing.
Special Categories of Personal Data (Health Data): This is information related to your physical or mental health, including injuries, medical conditions, and fitness goals. We collect this to ensure your safety and to design an effective program.
Survey and Feedback Data: We use Qualtrics to collect your feedback and survey responses. This may include your opinions, service ratings, and other information to help us improve.
4. How We Collect Your Data
We collect personal data primarily from you, directly or through our systems (e.g., our website or online forms). We may also collect some data from third parties, such as payment providers.
5. The Purpose and Lawful Basis for Processing Your Data
We must have a valid legal reason (a lawful basis) to process your data.
To perform our contract with you: We process your personal and payment data to provide the services you have requested, such as fitness classes or personal training sessions.
For our legitimate interests: We process your data to operate our business effectively. This includes managing our workforce, communicating with you, and protecting our business interests.
For compliance with a legal obligation: We process data to comply with legal requirements, such as health and safety legislation or tax rules.
For special categories of personal data (health data): We process your sensitive health data based on your explicit consent and for the purpose of preventive or occupational medicine, such as assessing your working capacity or providing health care. We will seek your explicit consent separately when required.
6. How We Use Technology Providers and Third Parties
We use trusted third-party service providers to help us operate our business. These providers act as "data processors" on our behalf.
Qualtrics: We use Qualtrics to collect information and feedback data. They are a data processor for us and are responsible for the technical processing of this data. Qualtrics provides tools to ensure compliance with GDPR, including data subject rights and deletion.
Microsoft & Google: We use Microsoft and Google for business operations (e.g., email, file storage). They are GDPR compliant and provide robust security measures, but we remain the data controller.
Training plans and scheduling would be handled by providers such as ABC Trainerize and Squarespace. Other third parties may also be used.
Other Third Parties: We may share your data with other third parties such as our payment provider. We require these third parties to process your data in accordance with applicable laws, including confidentiality and security standards.
We may alter providers as the business requires to ensure the best experience and data protection. If you require the latest information please request this.
7. Data Security
We implement a variety of technical and organisational security measures to protect your personal data from unauthorised access, use, or disclosure. These measures include data encryption, firewalls, and limiting access to personal data on a need-to-know basis.
8. Your Rights
Under UK data protection laws, you have several rights regarding your personal data:
Right to be informed: The right to know how your data is being used.
Right of access: The right to request a copy of the personal data we hold about you.
Right to rectification: The right to have inaccurate or incomplete data corrected.
Right to erasure (the "right to be forgotten"): The right to have your data erased in certain circumstances.
Right to restrict processing: The right to limit how we use your data.
Right to data portability: The right to obtain and reuse your data for different services.
Right to object: The right to object to certain types of processing, such as direct marketing.
To exercise any of these rights, please contact our Data Protection Officer using the details provided above.
9. Complaints
If you have a complaint about how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk
[END]