1.1 We are committed to safeguarding the privacy of www.theboxgymcornwall.co.uk, The Box Gym Cornwall, The Body Box BG and Martin Goodenough and other associated sites or businesses website visitors and service users known forth as “our website visitors and service users”.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
1.5 In this policy, “we”, “us” and “our” refer to www.theboxgymcornwall.co.uk and associated sites.
Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
means a small text file placed on your computer or device by the The Box Gym Cornwall website when you visit certain parts or when you use certain features of our site.
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”)
What Does This Policy Cover
This policy applies only to your use of The Box Gym Cornwall’s website which may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
The right to be informed about our collection and use of personal data;
The right of access to the personal data we hold about you (see section 11);
The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 13);
The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 5);
The right to restrict (i.e. prevent) the processing of your personal data;
The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
The right to object to us using your personal data for particular purposes;
If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 13 and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
What Data Do We Collect?
date of birth
contact information such as email addresses and telephone numbers
demographic information such as post code, preferences and interests
financial information such as credit / debit card numbers
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 7, below.
Our use of your personal data will always have a lawful basis, either because it is necessary for our obligations under a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to a membership), or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:
Providing and managing your account
Providing and managing your access to our site
Personalising and tailoring your experience on our site
Supplying products and/or services to you (please note that we require your personal data in order to enter into a contract with you);
Personalising and tailoring products and/or services for you
Replying to emails from you
Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time
Analysing your use of our site and gathering feedback to enable us to continually improve our site and your user experience
With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone, text message and or post with information, news and offers on our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
Your information will be retained unless you tell us otherwise or The Box Gym Cornwall ceases to trade.
2.1 In this Section 2 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
2.2 We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics, Wicked Reports and other reporting software or services we may use. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website, marketing strategies and services.
2.3 We may process your account data (“account data“). The account data may include your name, IP, product interests, gender and email address. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
2.4 We may process your information included in your personal profile on our website (“profile data“). The profile data may include your name, address, telephone number, email address, goals, fitness statistic, eating preferences, current body shape, body measurements, body composition pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details and any other relevant information to help optimise and tailor any form of fitness or dieting plan to you as an individual. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business operations.
2.5 We may process your personal data that are provided in the course of the use of our services (“service data“). The service data may include your name and email address. The source of the service data is you. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
2.6 We may process information that you post for publication on our website or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.
2.7 We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is to help you find the perfect solution or service to meet your needs, goals and preferences.
2.8 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data“). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
2.9 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications, offers and/or newsletters updates. The legal basis for this processing is consent you provided when purchasing a product, service or entering your email on our site.
2.10 We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
2.11 We may process your personal data. This data may include names, email addresses, phone numbers, addresses, shipping information, billing information, and personal profile data. This data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is consent.
2.12 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.13 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.14 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or]in order to protect your vital interests or the vital interests of another natural person.
2.15 Please do not supply any other person’s personal data to us, unless we prompt you to do so.
When Do We Collect Information
We collect information from you when you visit our website, register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, Use Live Chat, Open a Support Ticket, sign up to our fitness App or enter information on our site.
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To improve our website in order to better serve you.
• To allow us to better service you in responding to your customer service requests.
• To administer a contest, promotion, survey or other site feature.
• To quickly process your transactions.
• To resolve transactional disputes.
• To ask for ratings and reviews of services or products
• To follow up with them after correspondence (live chat, email or phone inquiries)
How and Where Do We Store Your Data?
We only keep your personal data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it.
Your data will only be stored in the UK.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our site.
Do We Share Your Data
We may share your data with other companies in our group. This includes our subsidiaries and membership management partners.
We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 We may disclose account, service, profile and enquiry to our suppliers or subcontractors insofar as reasonably necessary for our legitimate interests, namely the proper administration of our website and business and communications with users.
3.4 Financial transactions relating to our website and services are handled by our payment services providers, www.Stripe.com. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at www.Stripe.com.
3.5 In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
What Happens If Our Business Changes Hands
In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. When contacted you will however be given the choice to have your data deleted or withheld from the new owner or controller.
4.1 This Section 4 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
4.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.3 We will retain your personal data as follows:
(a) All personal data categories listed above will be retained for a minimum period of 12 months following 25th of May 2018, and for a maximum period of 5 years unless you remain an active member which is deemed by email campaign engagement, new purchases, downloads or logins to your account.
4.4 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained.
4.5 Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How Can You Control Your Data
In addition to your rights under the GDPR, set out in section 3, when you submit personal data via our Site, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details and by managing your account.
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
Your Right to Withhold Information
You may access certain areas of The Box Gym Cornwall’s website without providing any data at all. However, to use all features and functions available you may be required to submit or allow for the collection of certain data.
How Can You Access Your Data
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable, and we will provide any and all information in response to your request free of charge. Please contact us for more details at email@example.com or using the contact details below in section 13.
All Cookies used by and on our site are used in accordance with current law.
Before Cookies are placed on your computer or device, you will be shown a prompt requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our site may not function fully or as intended.
Certain features of our site depend on Cookies to function. The law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings, but please be aware that our site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
The Box Gym Cornwall website uses website analytics services provided by third parties. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our site is used. This, in turn, enables us to improve our site and the products and services offered through it. You do not have to allow us to use these services, however whilst our use of them does not pose any risk to your privacy or your safe use of our site, it does enable us to continually improve our site, making it a better and more useful experience for you.
In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
If you have any questions about using The Box Gym Cornwall website, or this policy, please contact us by email at:
or by post at
The Box Gym Cornwall,
Unit 12, Moorland Road Industrial Park,
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
We may change this policy from time to time (for example, if the law changes). Any changes will be immediately posted on our site and you will be deemed to have accepted the terms of the policy on your first use of our site following the alterations. We recommend that you check this page regularly to keep up-to-date.