PRIVACY POLICY

Effective date: August 1st, 2024

  1. Introduction

  Fitness by Pau Stamford ("we," "our," or "us") operates a small, private gym and related services. This Privacy Policy explains how we collect, use, disclose, and protect personal information about current, prospective, and former clients and visitors ("you" or "clients") in connection with our studio, membership services, classes, events, appointments, communications, website, phone, email, and other interactions. By using our services or providing your information, you agree to the practices described in this policy.

  2. Information We Collect

  We collect the following categories of personal information as needed to provide and improve our services:

  • Contact and identity information: name, date of birth, gender (optional), mailing address, email address, phone number, emergency contact details.

  • Account and membership information: membership type, start and end dates, billing details, payment method (partial payment data may be handled by third-party processors), attendance records, class bookings, cancellation history, and notes about preferences or goals.

  • Health and fitness information: medical history, injuries, health conditions, doctor’s clearance, fitness assessments, biometric data (height, weight, body measurements), workout programming and progress notes, dietary preferences or restrictions — collected only with your consent and when necessary to provide training or classes.

  • Financial and billing information: payment card details and billing address when you pay directly (note: card data may be processed by third-party payment processors; we do not store full card numbers on our servers unless expressly stated).

  • Communications and customer support: records of communications, inquiries, feedback, and support requests via phone, email, in-person, or chat.

  • Technical and usage information: IP address, device and browser information, pages visited on our website, form submissions, cookies and similar technologies when you use our website or digital services.

  • Visual recordings: photographs or video taken at the studio for promotional or security purposes — only with notice and consent when required by law or studio policy.

  • Marketing preferences: whether you opt into marketing, and the channels you prefer (email, SMS, phone).

  3. How We Use Your Information

  We use personal data for the following purposes:

  • To provide and manage memberships, classes, training, and studio services.

  • To process payments, invoices, refunds, and billing inquiries.

  • To schedule appointments and manage class bookings and attendance.

  • To assess fitness needs, create programs, and monitor progress and safety.

  • To communicate about your account, bookings, class changes, studio policies, and important notices.

  • To send marketing communications, promotions, offers, and newsletters where you have opted in; you can opt out at any time.

  • To improve our services, develop new offerings, analyze usage patterns, and tailor your experience.

  • To maintain studio safety and security, including through surveillance cameras where posted and permitted by law.

  • To respond to legal requests, enforce terms, and protect rights, property, or safety of clients and staff.

  • For other purposes disclosed at the time of collection or with your consent.

  4. Legal Bases for Processing (where applicable)

  When applicable under data protection laws, we rely on the following legal bases for processing personal data:

  • Performance of a contract: processing necessary to fulfill membership agreements and provide services.

  • Consent: where you have given consent (e.g., for marketing, photographs, or certain health data). You may withdraw consent at any time, but withdrawal does not affect processing that occurred prior to withdrawal.

  • Legitimate interests: for business operations, safety, fraud prevention, and communications not requiring consent, balanced against your privacy rights.

  • Legal obligations: to comply with laws, reporting, or law enforcement requests.

  5. Sharing and Disclosure

  We may share personal information with:

  • Service providers and vendors (payment processors, scheduling and booking platforms, email/SMS providers, IT and data storage providers, accounting services) that help operate our business. These parties are contractually limited to using data only for providing the requested services.

  • Medical or emergency personnel if needed for your health or safety.

  • Law enforcement, courts, or other government authorities when required by law or to protect our rights, property, or safety.

  • Prospective business partners, professional advisors, or buyers in connection with a sale, merger, or corporate reorganization — only with appropriate protections.

  • Other parties with your consent.

We do not sell your personal information for monetary consideration.

  6. Security

  We use administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your personal information. These measures include access controls, encryption for sensitive data where appropriate, and staff training. While we strive to protect your data, no method of transmission or electronic storage is completely secure. We cannot guarantee absolute security.

  7. Data Retention and Deletion

  We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, to comply with legal and tax obligations, to resolve disputes, and to enforce our agreements. Retention periods vary depending on the type of information:

    • Account and membership records: retained for the duration of the membership plus up to seven years for tax, billing, and legal purposes.

    • Transaction and payment data: retained for up to seven years to satisfy accounting and tax requirements.

    • Contact, inquiry, and customer service records: retained for up to three years unless needed longer to resolve disputes or comply with legal obligations.

    • Health, fitness assessment, and training program details: retained for the duration necessary to provide services and for up to seven years thereafter, unless you request deletion earlier or applicable law requires otherwise.

    • Marketing preferences and opt-out records: retained to respect your choices and prevent unwanted communications.

    You may request deletion of your personal data by contacting us. We will honor deletion requests unless we are required to retain the information for legal, regulatory, or legitimate business purposes. When data is deleted, we will take reasonable steps to remove it from active systems; copies may remain in archived backups for a limited period.

    Your Rights

    Depending on where you live, you may have certain rights with respect to your personal information. These rights may include:

    • Access: You can request a copy of personal data we hold about you.

    • Correction: You can ask us to correct inaccurate or incomplete personal data.

    • Deletion: You can request deletion of your personal data, subject to legal and contractual exceptions.

    • Restriction: You can request restriction of processing in certain circumstances (for example, while a dispute is resolved).

    • Portability: You may request a portable copy of certain personal data in a structured, commonly used, machine-readable format.

    • Objection: You can object to certain types of processing, including direct marketing.

    • Withdrawal of consent: When processing is based on consent, you may withdraw that consent at any time; withdrawal does not affect processing already lawfully carried out before withdrawal.

    To exercise any of these rights, contact us using the details below. We may ask you to verify your identity to protect your privacy. We will respond to requests in accordance with applicable law.

    Cookies and Similar Technologies

    We use cookies and similar tracking technologies to improve your experience on our website, to understand how our site is used, and to support features and analytics. Types of cookies we use include:

    • Strictly necessary cookies: Required for core site functionality (e.g., login/session cookies).

    • Performance and analytics cookies: Help us understand site usage so we can improve performance.

    • Functionality cookies: Remember choices you make to improve your experience (e.g., language or region).

    • Advertising and targeting cookies: Used to deliver relevant advertisements and measure ad effectiveness, if you choose to opt into marketing communications.

    You can manage cookie preferences through your browser settings or through any cookie management tool available on our site. Disabling certain cookies may affect site functionality.

    Third-Party Services and Links

    We may share personal information with third-party service providers who perform services on our behalf, such as payment processors, email delivery services, scheduling and booking platforms, analytics providers, and IT hosting providers. These parties are authorized to use your personal information only as needed to provide these services and subject to contractual safeguards.

    Our website, emails, or other communications may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. Review their privacy policies before providing personal information.

    Security

    We implement reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, use, alteration, or disclosure. Measures include secure servers, encryption of sensitive data in transit, access controls, and staff training. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access beyond our reasonable control.

    Children’s Privacy

    Our services are intended for adults and individuals at least 18 years old. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, contact us immediately. We will take steps to delete such information as required by law.

    International Data Transfers

    If you are located outside the country where our systems operate, your personal information may be transferred to and processed in countries with different data protection laws. We will put appropriate safeguards in place to ensure that any transfers comply with applicable law and that your information receives an adequate level of protection.

    Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or services. When we make material changes, we will notify you by posting the updated policy on our website