CLC Fitness - Privacy Policy Last Updated: 1 June 2026 (Supersedes policy dated 13 May 2026)
1. Who We Are (Data Controller): CLC Fitness (Carly Corrigall t/a CLC Fitness), 21 Abbots Close, Guildford GU2 7RW. Email: carly@clcfitness.co.uk. Website: www.clcfitness.co.uk. We are responsible for your personal data and determine how it is processed.
2. How We Collect Your Personal Information:
We collect information when you use our website, social media, or services. This includes:
Personal Information (identifiable data):
Identity Data: Name, maiden name, marital status, title, date of birth, gender.
Contact Data: Address, email, phone number(s), emergency contacts.
Financial Data: Bank account and payment card details.
Technical Data: IP address, browser type and version, device information, time zone, location data, cookie identifiers and information about how you interact with our website, emails and advertisements.
Transaction Data: Details of purchased services (classes, packages, trials).
Profile Data: Exercise programmes, questionnaire responses (PAR-Q, lifestyle, health trackers, consent forms, food diaries), interests, preferences, feedback, survey responses.
Usage Data: How you use our website and services.
Marketing and Communications Data: Your preferences for receiving marketing from us.
Non-Personal Information (anonymous data): Website pages accessed, files downloaded (used to improve our services).
You provide this information via our website, apps, social media, phone, email, or in person.
3. How We Use Your Personal Information (Purposes and Legal Basis):
We use your data for the following purposes, based on the legal grounds stated:
To provide requested services, classes, or information (e.g., class entry, newsletters) - Contractual necessity.
To maintain records of our relationship - Legitimate interests.
To manage your contact preferences - Legitimate interests/Consent.
For research and analytics to improve our services (aggregated and anonymised where possible) - Legitimate interests.
To communicate with you, including service updates - Contractual necessity/Legitimate interests.
To monitor the effectiveness of our communications (e.g., email tracking in anonymised form) - Legitimate interests.
With your Consent, to send you marketing about our news, classes, events, and occasionally partner projects (you can opt out at any time).
To assess your health and fitness level - Contractual necessity/Consent (for sensitive data like health information).
To contact you about services we think may interest you - Legitimate interests/Consent.
4. Sharing Your Personal Information:
We take data security seriously and will never sell your personal information for marketing purposes. We may share your data with:
Staff for service provision.
Trusted suppliers and partners who process data on our behalf (e.g., IT support, payment processors, cover instructors). Some of our service providers may process personal data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law, including the use of adequacy regulations or approved contractual safeguards where required.
Professional advisors (legal, financial, insurance).
Police or other authorities if legally required.
Insurers.
HM Revenue & Customs and other regulatory bodies.
Third parties in case of business sale, transfer, or merger.
Applications and tools we use (e.g., Zoom, Squarespace, Meta/Facebook, Google Analytics, Gmail, Vimeo, Jotform, SurveyMonkey. Stripe, Description, Captivate, Riverside, Manychat).
5.Cookies, Analytics and Advertising
We use cookies and similar technologies on our website to improve your experience, analyse website traffic and help us understand how visitors use our services.
This may include the use of third-party tools such as:
Google Analytics
Meta/Facebook Pixel
Squarespace analytics and marketing tools
TelegramCaptivate
Descript
Riverside
ManyChat
These tools may collect information such as:
pages visited
time spent on the website
links clicked
device/browser information
IP address
actions taken on our website (such as signing up to a guide, purchasing a service or submitting a form)
We may use this information to:
improve our website and services
measure the effectiveness of advertising
show relevant adverts to people who have visited our website or interacted with our content on platforms such as Facebook and Instagram
Some third-party providers, including Meta, may use cookies or similar technologies to deliver personalised advertising based on your online activity.
You can manage or disable cookies through your browser settings. You can also manage advertising preferences through your Facebook and Instagram account settings.
Where required by law, we will obtain your consent before placing non-essential cookies or similar technologies on your device. You can change your cookie preferences at any time through our website cookie settings or browser controls.
6. How Long We Keep Your Data:
We retain your data only as long as necessary to provide services, meet legal obligations, and for our legitimate interests (e.g., legal claims, tax/accounting rules). Generally, we keep personal data for 7 years after it's no longer needed, unless:
The law requires a longer or shorter retention period.
You request erasure (where applicable and no overriding legal reason to retain).
Limited exceptions under law allow indefinite retention with appropriate safeguards.
We will securely dispose of your data when it's no longer needed.
7. Your Rights:
Under data protection law, you have the right to:
Access: Request a copy of your personal data.
Correction: Ask us to correct inaccurate data.
Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances.
Object to Processing: Object to processing based on legitimate interests or direct marketing.
Restriction of Processing: Ask us to limit how we use your data in specific situations.
Data Portability: Request your data in a portable format.
Withdraw Consent: If we rely on your consent, you can withdraw it at any time.
For more information, visit the ICO website (www.ico.org.uk). We may request information necessary to verify your identity before processing certain requests. We will only request information that is reasonable and proportionate to confirm your identity. We will respond within one month. Note that some rights have limitations.
8. Complaints
If you have any concerns about how we collect, use or store your personal data, we would appreciate the opportunity to address them first.
Please contact us using the details in Section 1 and we will investigate your concern and respond as soon as possible.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.
Information about how to make a complaint can be found on the ICO website at www.ico.org.uk.
9. Updating Your Data:
Please inform us of any changes to your personal information (name, address, email, etc.) to ensure accuracy. Contact us using the details in Section 1.
10. Third-Party Links:
Our website may contain links to other websites. We are not responsible for their privacy practices; please review their policies.
11. Reporting a Data Breach:
If we experience a data breach that is likely to cause harm to you, we will notify the ICO within 72 hours and inform you without undue delay.
12. Changes to This Policy:
We may update this policy periodically. Changes will be posted on our website and/or communicated via email, taking effect 7 days after posting or email date (whichever is earlier). Please review this policy regularly. Continued use of our services after changes constitutes acceptance.
This Privacy Policy is dated 1st June 2026.