Privacy Policy

Effective Date: 25.05.2018

 

I. Privacy Policy

1.     Introduction

The General Data Protection Regulation (GDPR) replaces Data Protection Directive 95/46 under EU law. It has direct effect and implies a change in legislation of Member States in the field of personal data protection. The purpose of GDPR is to protect the rights and freedoms of individuals and to ensure that personal data are not processed without their knowledge and, where applicable, their consent.

Scope (GDPR Art.2) – this regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.

 

Definitions (GDPR Art. 4):

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Processing means any operation or set of operations which is performed on personal data (or sets of personal data) – whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction – basically anything we could possibly do with your data from the moment of collection to the moment of destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. In this instance, Core Training Sàrl is the data controller.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In this instance, the employees of Core Training Sàrl shall be the data processors.

Third Party means a natural or legal person or public authority, other than the data subject, controller or processor, who, under the direct authority of the controller or processor, is authorized to process personal data.

Personal Data breach means a security breach leading to the accidental or unlawful destruction, loss, unauthorized disclosure of, or access to, personal data somehow processed.

Data Concerning Health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

 

2.     Declaration:

2.1 The management of Core Training Sàrl will take measures to ensure compliance with legislation regarding the processing of personal data and the protection of ‘rights and freedoms’ of anyone whose personal data is collected and/or processed by the company.

2.2 Other relevant documents as well as their related processes will be described in this policy.

2.3 This policy covers all processing functions of personal data, including those relating to personal data of clients, employees, suppliers and partners.

2.4 The Data Protection Officer is responsible for reviewing all privacy procedures, policies and practices on an annual basis to ensure continued compliance and the updating of any necessary aspects of data processing.

2.5 This policy applies to all employees/workers of Core Training Sàrl. Any violation of the GDPR will be dealt with appropriately, as a breach of contract, and should there be a suspicion of a crime, the matter will be referred to the relevant authority as soon as possible.

2.6 Third Party companies who work with Core Training Sàrl will be expected to understand and comply with this policy. This policy, however, does not govern third party companies, and we encourage you to read the privacy policies of the third party companies we work with, should you have any concerns.

 

 

3.     How We Collect and Use Personal Data:

 

Core Training Sàrl complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We collect the following personal data:

-       Name

-       Email Address

-       Phone Number

-       Address

-       Emergency contact

-       Date of Birth

-       Photos / Videos

-       Training History

-       Goals and Objectives

 

We also collect the following special category (health) data of our clients and employees:

-       Medical History

-       Weight

-       Body circumference measurements

 

Finally, we process the following personal data for the purpose of making / taking payments:

-       Credit Card Details (via Stripe)

-       Bank Account Details

     

We use your personal data for the following reasons:

-       To create a training and nutritional program at the request of our clients to help them achieve their goals (as per the contract they sign with us);

-       To maintain our own accounts and records;

-       To take bookings for personal training sessions and group classes;

-       To let you know about upcoming news, events, offers, services and changes to Core Training Sàrl;

-       To promote and market Core Training Sàrl and its services.

If the purposes of our processing change in future, we will notify you of proposed changes, update our privacy policies and notifications, and request your approval before making any changes.

 

We collect your personal data in the following ways:

-       By Email

-       By Phone and WhatsApp

-       Via our third-party email messaging system Mailchimp

-       Via our third-party website provider Squarespace

-       Via our third-party booking platform PTMinder

Some information will be collected when you first contact us, such as your name, email address and telephone number. This information may be collected via email, social media (Facebook / Instagram), or through the filling out of paper forms.

Core Training Sàrl does not carry out any data profiling.

 

4.     Lawful Basis

The lawful basis that we use for processing your personal data is contract. Processing is necessary for the performance of a contract with the data subject (our clients) or to take steps to enter into a contract. We shall continue to process this personal data until the contract with our client(s) ends or is terminated under any contract terms.

The lawful basis we use for taking photos and videos of our clients is consent. Clients are asked to opt-in to images or videos of themselves being taken and posted to our social media channels, used in marketing materials or added to our website, should we choose to do so. Clients have the right to withdraw their consent at any time.

The lawful basis we use for the processing of special category data (health) is condition (f), “processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity…”

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

 

5.     Retention Periods

As per the GDPR, we will only control and process our clients’ data as long as there is a need to do so. We take our obligation to destroy client data very seriously, and as such all client data will be removed and destroyed, both electronically and in the form of hard copies, within one month of the contract ending / being terminated.

The exception to this is any special category, health data, which will be retained for a period of seven years after the end of any contract. This is required in case of any claim made against the company by a former client or employee.

 

6.     Security and Protection

We ensure the security of any and all personal information and data that we hold by using secure data storage procedures.

All personal data we (the company) store is:

a)     Stored on password protected computers and/or hard drives, which are only accessible by employees of the company.

b)    Filed in a locked filing cabinet on location at the Core Training Sàrl studio. The cabinet is accessed only by key, of which there are two copies. These two keys are held by the management of the company, and no other person shall have access to said keys.

Some of the personal data we collect and store may be present on third-party, online software. These include:

a)     Mailchimp: Name, Email address, phone number.

b)    Gmail/Google Forms: Initial contact forms – name, email address, phone number, body weight.

c)     PTMinder: Name, Email Address, Phone Number, Date of Birth, Body Circumference Measurements and Body Weight.

All of these accounts are password protected and accessed only by employees of Core Training Sàrl. We also encourage you to read each service’s own privacy policy at this time, to ensure you are comfortable with the ways in which they handle, process and protect your data:

Mailchimp: Read More

Gmail: Read More

PTMinder: Read More

 

7.     Data Access

The personal data we hold will be accessible only by employees of Core Training Sàrl, namely at this time Mr. William Holmes and Miss Laura Dubler. Any data they process will be secured via different security methods, such as passwords and locked cabinets. All employees of the company are held to the standards of data protection laid out by the GDPR.

We do not sell, trade, or otherwise provide your personal data to outside individuals, companies or organisations. This does not include trusted third parties who assist us in conducting our business and servicing our clients, so long as said parties agree to keep this information confidential. We may also release information when it is necessary to comply with the law or to protect our or others’ rights or safety.

The trusted third parties we work with are:

-       Software Minder Limited (PTMinder)

-       Stripe (payment handling software)

-       Mailchimp

 

8.     Individual Rights

Under the GDPR your rights are as follows:

1.     The right to be informed

2.     The right of access

3.     The right to rectification of personal data held where it is incorrect or incomplete

4.     The right to erasure (‘right to be forgotten’) if certain grounds are met

5.     The right to restrict/suspend processing of personal data

6.     The right to withdraw consent at any time (where processing is based on consent)

7.     The right to object to processing personal data for direct marketing purposes

You also have the right to complain to the Federal Data Protection Information Commissioner (FDPIC) if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

 

9.     Children

We do not collect data online from children under the age of 16, and only collect data in person from children under the age of 18 in the presence, and with the explicit permission, of a parent or legal guardian.

 

10.  Contact Details

Supervisory Authority:

Préposée à la protection des données et à l’information

Rue Saint-Martin 6

Case Postale 5485

1002 Lausanne

+41 (0) 21 316 40 64

Info.ppdi@vd.ch

 

Data Controller:

Core Training Sàrl

Rue des Bosquets 13

1800 Vevey

Vaud

+41 76 274 42 04

coretrainingpt@gmail.com

 

Data Protection Officer (DPO):

Will Holmes

Rue des Bosquets 13

1800 Vevey

Vaud

+41 78 647 42 82

Will.coretraining@gmail.com

 

 

II. Cookie Policy

This is the Cookie Policy for Core Training Sàrl, accessible at www.core-trainingpt.com

What Are Cookies?

As is the case with almost all professional websites, our site uses cookies, which are tiny files that are downloaded to your computer. The aim of these cookies is to improve your user experience. This policy describes what information the cookies we use gather, how we use said information and why we occasionally need to store these cookies. We will also let you know how you can prevent these cookies from being stored. However, this may downgrade or even ‘break’ some of the functionality of our website.

 

How We Use Cookies:

We use cookies for a variety of reasons, which are detailed below. Currently, there are no industry standard options for disabling cookies without compromising, or completely disabling, the functionality and features they add to our website. We recommend that you leave on all cookies if you are not sure whether you need them or not on our website. If you are uncomfortable with the use of cookies, then we suggest leaving our site and clearing cookies from your web browser.

 

Disabling Cookies:

By adjusting the settings on your browser, you can prevent the setting of cookies onto your computer (see your browser ‘Help’ to find out how to do this). Be aware that disabling cookies may affect the functionality of this, and other, websites that you visit and use. Disabling cookies will often result in also disabling certain functionalities of this website. Therefore, we recommend that you do not disable cookies if you wish to continue using our site.

 

The Cookies We Set:

1.     Account related cookies

If you create an account with us on our site, then we will use cookies for the management of this signup process and general administration. These cookies will usually be deleted when you log out – however, in some cases they may remain on your computer after logging out in order to remember your site preferences.

 

2.     Login related cookies

We use cookies while you are logged in to your account, so that we can remember this. This stops you from having to log in every single time you visit a different page. These cookies are generally removed or cleared when you log out, to ensure that you can only access restricted features and/or pages when you are logged in.

 

3.     Order processing related cookies

Our website offers e-commerce and payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly. Through our third-party payment processor, Stripe, we also offer the option to store your credit card details for future purchases – cookies will be necessary in order to accomplish this – though they will not be stored on your computer if you choose not to store payment details.

 

4.     Site preferences cookies

In order to provide you with a great experience on our website, we provide functionality so that you may set your preferences for how the site runs when you are using it. In order to remember your preferences, we need to set cookies so that this information can be called upon whenever you interact with a page that is affected by your preferences.

 

5.     Third Party Cookies

In certain cases, we also use cookies provided by trusted third parties. This section details which third-party cookies you may encounter through this site.

Our website uses Google Analytics, which is one of the most widespread and trusted analytics solutions available on the internet. It helps us to understand how you use our site, and how we can improve your user experience. These cookies may track things such as how long you spend on the website, and which pages you visit – so we can continue to produce engaging content for all our users.

For more information on Google Analytics cookies, visit the official Google Analytics page here.

Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site, or which pages you visit - which helps us to understand how we can continue to improve the site for you.

We also use social media buttons and/or plugins throughout our website, which allow you to connect with your social networks in various ways. For these to work, social media sites, including Facebook and Instagram, will set cookies throughout our website, which may be used to enhance your profile on their website, or contribute to the data they hold for various purposes – which will be outlined in their respective privacy policies, found here:

Facebook Privacy Policy

Instagram Privacy Policy

 

6.     More Information

Hopefully, the above cookie policy has clarified everything for you – and as we previously mentioned, if there is anything you are unsure whether you need or not, it is usually safer to leave cookies enabled while using our site.

If you would like more information, then please contact us at the following email address:

Coretrainingpt@gmail.com