Effective Date: 25.05.2018
The General Data Protection Regulation (GDPR) replaces Data Protection Directive 95/46 under EU law. It has direct effect and implies a change in legislation of Member States in the field of personal data protection. The purpose of GDPR is to protect the rights and freedoms of individuals and to ensure that personal data are not processed without their knowledge and, where applicable, their consent.
Scope (GDPR Art.2) – this regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
Definitions (GDPR Art. 4):
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing means any operation or set of operations which is performed on personal data (or sets of personal data) – whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction – basically anything we could possibly do with your data from the moment of collection to the moment of destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. In this instance, Core Training Sàrl is the data controller.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In this instance, the employees of Core Training Sàrl shall be the data processors.
Third Party means a natural or legal person, public authority other than the data subject, controller or processor who, under the direct authority of the controller or processor, is authorized to process personal data.
Personal Data breach means a security breach leading to the accidental or unlawful destruction, loss, unauthorized disclosure of, or access to, personal data somehow processed.
Data Concerning Health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
2.1 The management of Core Training Sàrl will take measures to ensure compliance with legislation regarding the processing of personal data and the protection of ‘rights and freedoms’ of anyone whose personal data is collected and/or processed by the company.
2.2 Other relevant documents as well as their related processes will be described in this policy.
2.3 This policy covers all processing functions of personal data, including those relating to personal data of clients, employees, suppliers and partners.
2.4 The Data Protection Officer is responsible for reviewing all privacy procedures, policies and practices on an annual basis to ensure continued compliance and the updating of any necessary aspects of data processing.
2.5 This policy applies to all employees/workers of Core Training Sàrl. Any violation of the GDPR will be dealt with appropriately, as a breach of contract, and should there be a suspicion of a crime, the matter will be referred to the relevant authority as soon as possible.
2.6 Third Party companies who work with Core Training Sàrl will be expected to understand and comply with this policy. This policy, however, does not govern third party companies, and we encourage you to read the privacy policies of the third party companies we work with, should you have any concerns.
3. How We Collect and Use Personal Data:
Core Training Sàrl complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We collect the following personal data:
- Email Address
- Phone Number
- Emergency contact
- Date of Birth
- Photos / Videos
- Training History
- Goals and Objectives
We also collect the following special category (health) data of our clients and employees:
- Medical History
- Body circumference measurements
Finally, we process the following personal data for the purpose of making / taking payments:
- Credit Card Details (via Stripe)
- Bank Account Details
We use your personal data for the following reasons:
- To create a training and nutritional program at the request of our clients to help them achieve their goals (as per the contract they sign with us);
- To maintain our own accounts and records;
- To take bookings for personal training sessions and group classes;
- To let you know about upcoming news, events, offers, services and changes to Core Training Sàrl;
- To promote and market Core Training Sàrl and its services.
If the purposes of our processing change in future, we will notify you of proposed changes, update our privacy policies and notifications, and request your approval before making any changes.
We collect your personal data in the following ways:
- By Email
- By Phone and WhatsApp
- Via our third-party email messaging system Mailchimp
- Via our third-party website provider Squarespace
- Via our third-party booking platform PTMinder
Some information will be collected when you first contact us, such as your name, email address and telephone number. This information may be collected via email, social media (Facebook / Instagram), or through the filling out of paper forms.
Core Training Sàrl does not carry out any data profiling.
4. Lawful Basis
The lawful basis that we use for processing your personal data is contract. Processing is necessary for the performance of a contract with the data subject (our clients) or to take steps to enter into a contract. We shall continue to process this personal data until the contract with our client(s) ends or is terminated under any contract terms.
The lawful basis we use for taking photos and videos of our clients is consent. Clients are asked to opt-in to images or videos of themselves being taken and posted to our social media channels, used in marketing materials or added to our website, should we choose to do so. Clients have the right to withdraw their consent at any time.
The lawful basis we use for the processing of special category data (health) is condition (f), “processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity…”
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
5. Retention Periods
As per the GDPR, we will only control and process our clients’ data as long as there is a need to do so. We take our obligation to destroy client data very seriously, and as such all client data will be removed and destroyed both electronically and in the form of hard copies, within one month of the contract ending / being terminated.
The exception to this is any special category, health data, which will be retained for a period of seven years after the end of any contract. This is required in case of any claim made against the company by a former client or employee.
6. Security and Protection
We ensure the security of any and all personal information and data that we hold by using secure data storage procedures.
All personal data we (the company) store is:
a) Stored on password protected computers and/or hard drives, which are only accessible by employees of the company.
b) Filed in a locked filing cabinet on location at the Core Training Sàrl studio. The cabinet is accessed only by key, of which there are two copies. These two keys are held by the management of the company, and no other person shall have access to said keys.
Some of the personal data we collect and store may be present on third-party, online software. These include:
a) Mailchimp: Name, Email address, phone number.
b) Gmail/Google Forms: Initial contact forms – name, email address, phone number, body weight.
c) PTMinder: Name, Email Address, Phone Number, Date of Birth, Body Circumference Measurements and Body Weight.
7. Data Access
The personal data we hold will be accessible only by employees of Core Training Sàrl, namely at this time Mr. William Holmes and Miss Laura Dubler. Any data they process will be secured via different security methods, such as passwords and locked cabinets. All employees of the company are held to the standards of data protection laid out by the GDPR.
We do not sell, trade, or otherwise provide your personal data to outside individuals, companies or organisations. This does not include trusted third parties who assist us in conducting our business and servicing our clients, so long as said parties agree to keep this information confidential. We may also release information when it is necessary to comply with the law, or to protect our or others’ rights or safety.
The trusted third parties we work with are:
- Software Minder Limited (PTMinder)
- Stripe (payment handling software)
8. Individual Rights
Under the GDPR your rights are as follows:
1. The right to be informed
2. The right of access
3. The right to rectification of personal data held where it is incorrect or incomplete
4. The right to erasure (‘right to be forgotten’) if certain grounds are met
5. The right to restrict/suspend processing of personal data
6. The right to withdraw consent at any time (where processing is based on consent)
7. The right to object to processing personal data for direct marketing purposes
You also have the right to complain to the Federal Data Protection Information Commissioner (FDPIC) if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
We do not collect data online from children under the age of 16, and only collect data in person from children under the age of 18 in the presence, and with the explicit permission, of a parent or legal guardian.
10. Contact Details
Préposée à la protection des données et à l’information
Rue Saint-Martin 6
Case Postale 5485
+41 (0) 21 316 40 64
Core Training Sàrl
Rue des Bosquets 13
+41 76 274 42 04
Data Protection Officer (DPO):
Rue des Bosquets 13
+41 78 647 42 82
What Are Cookies?
By adjusting the settings on your browser, you can prevent the setting of cookies onto your computer (see your browser ‘Help’ to find out how to do this). Be aware that disabling cookies may affect the functionality of this, and other, websites that you visit and use. Disabling cookies will often result in also disabling certain functionalities of this website. Therefore, we recommend that you do not disable cookies if you wish to continue using our site.
The Cookies We Set:
1. Account related cookies
2. Login related cookies
3. Order processing related cookies
Our website offers e-commerce and payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly. Through our third-party payment processor, Stripe, we also offer the option to store your credit card details for future purchases – cookies will be necessary in order to accomplish this – though they will not be stored on your computer if you choose not to store payment details.
4. Site preferences cookies
In order to provide you with a great experience on our website, we provide functionality so that you may set your preferences for how the site runs when you are using it. In order to remember your preferences, we need to set cookies so that this information can be called upon whenever you interact with a page that is affected by your preferences.
5. Third Party Cookies
Our website uses Google Analytics, which is one of the most widespread and trusted analytics solutions available on the internet. It helps us to understand how you use our site, and how we can improve your user experience. These cookies may track things such as how long you spend on the website, and which pages you visit – so we can continue to produce engaging content for all our users.
For more information on Google Analytics cookies, visit the official Google Analytics page here.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site, or which pages you visit - which helps us to understand how we can continue to improve the site for you.
We also use social media buttons and/or plugins throughout our website, which allow you to connect with your social networks in various ways. For these to work, social media sites, including Facebook and Instagram, will set cookies throughout our website, which may be used to enhance your profile on their website, or contribute to the data they hold for various purposes – which will be outlined in their respective privacy policies, found here:
6. More Information
If you would like more information, then please contact us at the following email address: