Privacy Policy

We believe that your private information should be just that – private. To operate our services we need to collect some personal information about you. This privacy notice explains what we do with the personal data collected and why we do it.

CrossFit Stewarton Ltd. (“CrossFit Stewarton”, “the organisation”, “we”, “us” or “our”) is committed to being transparent about how it collects and uses that data, and to meeting its data protection obligations. By using any of CrossFit Stewarton’s services, you confirm that you have read, understood and agree to this Privacy Policy.

What information does the organisation collect?

The organisation collects and processes information about you upon enquiring about gym membership. This information allows us to contact you in order to arrange a time for your free trial sessions and answer any questions you may have in relation to the gym and its program.

The information collected includes:

  •  your name
  • email address
  • telephone number

Prior to attending your first trial session with us, we require you to complete a waiver and Physical Activity Readiness Questionnaire (PAR-Q). This acts as a legal document, allowing us to ascertain your current health status and suitability to train safely with us. It also asks for your consent to confirm that you understand the nature of the training program, its stimulus and any risks involved.

The information collected in the client waiver / PAR-Q includes:

  • your name and address
  • contact details, including email address and telephone number;
  • date of birth;
  • gender;
  • emergency contact details; and
  • basic medical history of injury / illness.

When you join as a member of CrossFit Stewarton we will use the above data collected through the waiver to set up your membership. We also require the following information for processing membership payment:

  • bank account details.

Any products purchased through the CrossFit Stewarton website also require the collection of personal data in order to process the order. Date collected for orders through the website includes:

  • email address;
  • your name;
  • address including postcode;
  • phone number;
  • details of any food allergies (for food orders);
  • bank account details.

 

Why does the organisation process personal data?

Your name, address and payment information will be used to set up your membership and process your payment.

Your email address is used to communicate with you regarding updates and opportunities within the gym in relation to its program.

Your phone number will only be used to contact you at short notice, i.e. to inform you of a last minute class cancellation, or in an emergency situation.

Your emergency contact details will only be used in an emergency situation to notify your designated contact.

Gender and date of birth information helps us to understand the demographic of our membership and allows us to improve the service for our members.

The PAR-Q data is used to ensure that you are in a fit and healthy condition to train with CrossFit Stewarton, and to ensure that all gym users understand and consent to the nature of the training program through the signed waiver. This helps to ensure that the organisation is complying with its legal obligations.

Personal data collected through the website in relation to products purchased will only be used in conjunction with that particular order, to allow for the payment to be processed and for the product to be produced.

Please note that we will only use your Personal Data in ways that are compatible with the purposes for which it was collected or as subsequently authorised by you.

How we store the information

Data will be stored in:

  • paper based personal files;
  • our IT systems; and
  • our email system.

Who has access to data?

CrossFit Stewarton use a secure gym management platform, Wodify Technologies LLC (“Wodify”), to help process member payments, manage class bookings, publish the gym program, record and track member performance and view gym analytics. Every member can access and update their own personal data at any time through their personal member login on Wodify.

Wodify Admin data is only accessible through a separate system, “Wodify Core”, using a specific username and password for each member of the CrossFit Stewarton Coaching team. This is further secured with password protected computers and phones. All of our systems have firewall protection installed to maximise security and prevent unauthorised access.

Wodify Technologies LLC is located outside of the European Economic Area (“EEA”). Wodify is based in the United States and provides services globally. The personal data collected through Wodify is stored in their primary data store in Virginia, US, however may also transfer some personal data to their third party sub-processors, as detailed below, who may be located in a different country.

Countries out-with the EU have different and varied laws governing the processing of personal data. Within their Privacy Policy, Wodify have committed to ensuring an adequate level of data protection with all third party service providers. The Wodify Privacy Policy states:

“If you are an European Union (EU) citizen and your information is shared with corporate affiliates or third party service providers outside the EEA, we will, prior to sharing your information with such corporate affiliate or third party service provider, establish the necessary means to ensure an adequate level of data protection. This may be an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country or an agreement on the basis of the EU Model Clauses (a set of clauses issued by the European Commission).”

Wodify also declares to act in accordance with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Wodify has a Privacy Shield certification.

A copy of the Wodify Technologies LLC Privacy Policy can be found at https://www.wodify.com/privacy-policy.

In order to process membership financial transactions, Wodify uses Paysafe Group Limited (“Paysafe”) to gather your data from financial institutions. Paysafe trade globally however have an office based in London, UK. By using our services, you grant Wodify and Paysafe the right, power and authority to act on your behalf to access and transmit your personal and financial information from the right financial institution. You agree to your personal and financial information being transferred, stored and processed by Paysafe in accordance with the Paysafe Privacy Policy at https://www.paysafe.com/privacy-policy/.

CrossFit Stewarton use Squarespace as a platform for the design of our website. Any personal data collected through our website, either via member enquiries or when purchasing products, is managed by Squarespace. Squarespace trade globally however have an office based in Dublin, Ireland. A copy of the Squarespace Privacy Policy can be found at https://www.squarespace.com/privacy.

In order to process products purchased through our website, Squarespace uses Stripe, Inc. (“Stripe”) to gather your data from financial institutions. Stripe trade globally, with headquarters in San Francisco, USA, however have an office based in London, UK. By using our services, you grant Squarespace and Stripe the right, power and authority to act on your behalf to access and transmit your personal and financial information from the right financial institution. You agree to your personal and financial information being transferred, stored and processed by Stripe in accordance with the Stripe Privacy Policy at https://stripe.com/gb/privacy.

These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy. CrossFit Stewarton requires its service providers that have access to Personal Data collected through CrossFit Stewarton to provide at least the same level of privacy protection that is required by this Privacy Policy.

How does the organisation protect data?

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by the Directors and members of staff in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How can the personal information we hold be updated or amended?

All of your personal information can be updated at any time by logging on to Wodify using your member username and password, or through the Wodify app. This can be accessed through menu / settings / and then selecting the personal data that you would like to update.

For how long does the organisation keep data?

The organisation will not keep your personal information for any purpose(s) for longer than is necessary and we will only retain the relevant personal information that is necessary in relation to the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. For example, we will retain the personal information you provided on joining as a member so long as your membership remains in existence.

We are required to keep an electronic copy of your signed waiver for legal purposes.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.

If you have any questions, comments or complaints about this Privacy Policy or our privacy practices or if you would like to exercise your rights, please email us at info@crossfitstewarton.co.uk or contact us through our website: www.crossfitstewarton.co.uk.