Version: GDPR 1, updated May 2019
Overview: Your Privacy Matters
Physique London Limited (“Physique”) is committed to protecting and respecting your privacy. This policy (together with the Terms and Conditions of Use and any other documents we refer to in this policy or the Terms and Conditions of Use) set out how we will use your personal information and who it will be shared with. Please read the following carefully.
Physique’s mission is to inspire people to lead vibrant, energetic and happy lives. Central to this mission is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.
What Personal Data do we collect?
We collect Personal Data about you when you visit our Sites or use our Services, including the following:
- Registration and use information – When you register to use our Services by establishing an Account, we will collect Personal Data as necessary to offer and fulfil the Services you request. We may require you to provide us with your name, postal address, telephone number, email address, date of birth, gender, emergency contact name and contact information, how you heard about us and pre-existing health conditions in our health commitment and waiver release form to establish an Account.
- Any correspondence you send to us, telephone us, or when you email us.
- Details of your visits to our site and the resources that you access (which may include, amongst other things; traffic data and communication data);
- Details of credits purchased on the site; and
- Reservations you make for Physique’s classes.
We may require you to provide us with additional Personal Data as you use our Services, to the extent that it is necessary for the provision of those services. Where we believe that we need more data we will set out the reasons why we need that information, and describe how we intend to use it.
Why Do We Retain Personal Data?
How Do We Process Personal Data?
We will process your Personal Data for a variety of reasons that are justified under data protection laws in the European Economic Area (EEA) and Switzerland.
To operate the Sites and provide the Services, including to:
Create an account
Make a booking
Make a class cancellation
Make a waitlist booking
Make a purchase for the provision of our Services
Initiate a payment, whether one-off or through our “Auto Top-Up” functionality
To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance and functionality. For example, we analyse User behaviour and perform research about the way you use our Services.
To manage risk and protect the Sites, the Services and you from fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Sites or Services.
To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
To anonymise Personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services.
With your consent, including to:
To market to you by delivering marketing materials about Physique’s Products and Services. We may also Process your Personal Data to tailor certain Services or Site experiences to better match our understanding of your interests.
To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide you with location-based Services, such as advertising, search results, and other personalised content.
To respond to your requests, for example to contact you about a question you submitted to our customer service team.
You can withdraw your consent at any time and free of charge. Please refer to the section on “Your Privacy Choices” for more information on how to do that.
Your health data is regarded as a special category of data under data protection laws. We process health data so as to be aware of any particular concerns or issues that may affect your ability to undertake exercise with us, or to assist us if there is a medical emergency. Because we cannot allow you to participate in a class unless we have this information we regard the information as being necessary for the performance of your contract with us. In addition, we must have additional authority to process this personal data, because of its status. We will only process this data with your explicit consent, which we will ask for separately. Given the significant harm that could result if we are not aware of a medical condition, we will not be able to allow you to take our classes without your consent.
Do We Share Personal Data?
With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. Our providers include companies who will process our credit and debit card payments; companies who maintain our website and credits system, and companies that maintain our mailing lists and other contact details.
With other institutions that we have partnered with to jointly create and offer a product or service. These institutions may only use this information to market and offer Physique related products, unless you have given consent for other uses.
With other third parties for our business purposes or as permitted or required by law. We may share information about you with other parties for Physique’s business purposes or as permitted or required by law, including:
if we need to do so to comply with a law, legal process or regulations;
to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to Physique;
if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
to protect the vital interests of a person; to investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
to protect our property, Services and legal rights;
to facilitate a purchase or sale of all or part of Physique business;
to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals, and institutions;
to support our audit, compliance, and corporate governance functions.
In addition, Physique may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.
We always ensure that safeguards are in place whenever personal data is transferred outside of the EEA. Currently these take the form of Model Clauses approved by the European Commission and binding corporate rules. In addition, if we use a service provider based in the USA then we expect them to be registered under the EU-US Privacy Shield.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. In line with many other websites, we do not respond to DNT signals.
What Privacy Choices Are Available To You?
Choices Relating to the Personal Data We Collect:
Personal Data – You may decline to provide Personal Data when it is requested by PayPal, but certain Services or all of the Services may be unavailable to you.
Location and other device-level information – The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that Physique may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device.
Choices Relating to Our Use of Your Personal Data:
Online Tracking and Interest-Based Advertising – We work with partners and third-party service providers to serve you advertising using ad-related cookies and web beacons. You can opt-out of third-party advertising-related cookies and web beacons, in which case our advertising should not be targeted to you. You will continue to see our advertising on third party websites.
For more information on third-party advertising-related cookies and interest-based advertising, and to learn how to opt-out of these practices with companies participating in industry self-regulation, please visit http://www.youronlinechoices.com/uk/about-behaviou…
Choices Relating to Cookies:
You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you delete, disable, or block certain cookies and other tracking technologies. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site.
You can learn more about our cookies and tracking technologies by visiting the Statement on Cookies and Tracking Technologies page.
Choices Relating to Your Registration and Account Information:
If you have an Account, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Contact us if you do not have an Account or if you have questions about your Account information or other Personal Data.
Choices Relating to Communication Notices, Alerts and Updates from Us:
Marketing: We may send you marketing content about our Sites, Services, products through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. You may opt out of these marketing communications we send by following the instructions in the communications you receive. If you have an Account with us, you may also adjust your communication preferences in your Account settings. For messages sent via push notifications, you may manage your preferences in your device.
Informational and Other: We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices.
What Are Your Rights?
Subject to limitations set out in EEA data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact firstname.lastname@example.org if you wish to exercise these rights. If you wish to complete an access request to all personal data that Physique holds on you, we would ask that you provide 2 points of data verification to prove your identity, for example, your Date of Birth and Postcode.
If you have an Account with any of our Services, you generally can review and edit Personal Data in the Account by logging in and updating the information directly.
How Do We Protect Your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
Can Children Use Our Services?
The Sites and Services are not directed to children under the age of 16. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.
What Else Should You Know?
If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.
We want to make sure your questions go to the right place: email@example.com
If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country. In the United Kingdom this is the Information Commissioners Office – www.ico.org.uk