privacy Notice

 
 

1.     General Information

The following is a privacy notice to inform you, our clients, of how we collect, process, handle and store your personal data, in compliance with the EU’s General Data Protection Regulation (GDPR), which comes into effect as of 25th May, 2018. We are committed to protecting any and all personal data we hold from our clients.

Our company, Core Training Sàrl, is the data controller, meaning it decides how your personal data is processed and for which purposes. The processing of your personal data is governed by the GDPR. Our Data Protection Officer (DPO) is Mr. William Holmes, and any queries or requests should be directed to him. Contact details for the data controller and the DPO can be found below.

 

2.     Data Processing

Core Training Sàrl complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

We process the following personal data:

  • Name
  • Email
  • Phone Number
  • Address
  • Emergency contact
  • Date of Birth
  • Photos / Videos
  • Training History
  • Goals and Objectives
  • Bank / Credit Card Details

 

We also process the following special category (health) data:

  • Medical History
  • Weight
  • Body circumference measurements

 

We use your personal data for the following reasons:

  •  To create a training and nutritional program at the request of our clients to help them achieve their goals (as per the contract they sign with us);
  • To maintain our own accounts and records;
  • To take bookings for personal training sessions and group classes;
  • To let you know about upcoming news, events, offers, services and changes to Core Training Sàrl;
  • To promote and market Core Training Sàrl and its services.

 

If the purposes of our processing change in future, we will notify you of proposed changes, update our privacy policies and notifications, and request your approval before making any changes.

 

We collect your personal data in the following ways:

  • By Email
  • By Phone and WhatsApp
  • Via our third party email messaging system Mailchimp
  • Via our third party website provider Squarespace
  • Via our third party booking platform PTMinder

Some information will be collected when you first contact us, such as your name, email address and telephone number. This information may be collected via email, social media (facebook / Instagram), or through the filling out of paper forms.

 

3.     Lawful Basis

The lawful basis that we use for processing your personal data is contract. Processing is necessary for the performance of a contract with the data subject (our clients) or to take steps to enter into a contract. We shall continue to process this personal data until the contract with our client(s) ends or is terminated under any contract terms.

The lawful basis we use for taking photos and videos of our clients is consent. Clients are asked to opt-in to images or videos of themselves being used on our website / promotional materials. Clients have the right to withdraw their consent at any time.

The lawful basis we use for the processing of special category data (health) is condition (h), “processing is necessary for the purposes of preventive or occupational medicine… pursuant to contract with a health professional …”

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

 

4.     Retention Periods

As per the GDPR, we will only control and process our client’s data as long as there is a need to do so. We take our obligation to destroy client data very seriously, and as such all client data will be removed and destroyed both electronically and in the form of hard copies, within one month of the contract ending / being terminated.

The exception to this is any special category, health data, which will be retained for a period of seven years after the end of any contract. This is required in case of any claim made against the company by a former client or employee.

 

5.     Security and Protection

We ensure the security of any and all personal information and data that we hold by using secure data storage procedures.

 

6.     Data Access

The personal data we hold will be accessible only by employees of Core Training Sàrl, namely at this time Mr. William Holmes and Miss Laura Dubler. Any data they process will be secured via different security methods, such as passwords and locked cabinets. All employees of the company are held to the standards of data protection laid out by the GDPR.

We do not sell, trade, or otherwise provide your personal data to outside individuals, companies or organisations. This does not include trusted third parties who assist us in conducting our business and servicing our clients, so long as said parties agree to keeping this information confidential. We may also release information when it is necessary to comply with the law, protect ours or others rights or safety.

The trusted third parties we work with are:

  • Software Minder Limited (PTMinder)
  • Stripe (payment handling software)
  • Mailchimp

 

7.     Individual Rights

Under the GDPR your rights are as follows:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

You also have the right to complain to the Federal Data Protection Information Commissioner (FDPIC) if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

 

8.     Contact Details

Supervisory Authority:

Préposée à la protection des données et à l’information

Rue Saint-Martin 6

Case Postale 5485

1002 Lausanne

+41 (0) 21 316 40 64

Info.ppdi@vd.ch

 

Data Controller:

Core Training Sàrl

Rue des Bosquets 13

1800 Vevey

Vaud

+41 76 274 42 04

coretrainingpt@gmail.com

 

Data Protection Officer (DPO):

Will Holmes

Rue des Bosquets 13

1800 Vevey

Vaud

+41 78 647 42 82

Will.coretraining@gmail.com