This Policy explains how Vivo Outdoor Fitness treats your data that Vivo Outdoor Fitness accrues in the provision of its service and how we comply with the relevant privacy regulations.
We only collect that data which is required to provide the services we offer. We don’t frivolously manipulate it, sell it, aggregate it for other people or otherwise use it for anything other than for our services.
The use of any service offered by Vivo Outdoor Fitness shall indicate acceptance of this policy.
The data we collect and legal basis for processing your personal data
|Purpose||Legal Basis||Data Collected|
|Billing||Contract||Full name, bank details|
|To explain the risks and responsibilities||Contract||Group Fitness Class Waiver form: Name and emergency contact Name and phone number|
|To ensure members health||Vital Interest||PAR-Q Form: Name, Date of Birth and contact Name. Name, relationship and phone number of an emergency contact. Pre-existing medical conditions, Doctors contact details|
|To comply with Equality Act 2010||Legal||PAR-Q Form: Additional information on adjustments or support needed for any physical or mental disabilities.|
|Manage Appointments and analysing session usage||Contract||Name, phone number, email address, sessions booked including number of places and time.|
|Tracking of Personal Bests||Legitimate Interest||Name and results from fitness tests.|
We do not use email addresses for marketing purposes.
Transfer of data to third parties:
We use GoCardless to process monthly direct debit payment. If you have a question about how GoCardless handles your personal data, you can reach them at:
GoCardless Ltd., Sutton Yard, 65 Goswell Road, London EC1V 7EN, United Kingdom
Or visit: https://gocardless.com/privacy/payers
Our website and email is hosted on servers located in the US and Europe.
How we secure, store and retain your information
We follow generally accepted standards to store and protect the personal information we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal information only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal information, you can contact us.
Changes from last version:
None. This is the first version of our privacy notice
We operate under the UK Data Protection Act (DPA) 2018 which encompasses the EU GDPR regulation. The DPA 2018 law require us to make sure that the personal data we hold is:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and where necessary kept up to date;
- kept for no longer than is necessary for the purposes for which the personal data are processed.
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
When exercising any of the rights listed below and in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
Please contact us using firstname.lastname@example.org
- The right to access personal data we hold on you. At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request and verified who you are we will usually respond within one month, unless the request is particularly complex. There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
- The right to correct and update the personal data we hold on you.
- The right to object to processing of your personal data or to restrict it to certain purposes only. You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
- The right to request portability of data. You can request that personal data you have provided which is based on consent or for the performance of a contract and that that has been carried out by automated means be provided to you in a structured and machine-readable format.
- The right to object. You can object to your personal data being used where the legal basis is legitimate interest or public interest or is being used for direct marketing.
- The right to not be subject to decision based solely on automated processing
- The right to lodge a complaint with the Information Commissioner’s Office. You can contact the Information Commissioner’s Office on 0303 123 1113 or via email [ ] or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Alternatively, please contact the relevant supervisory body for the country you are resident.
Apart from the session cookie which is required for this website to function, we do not store any other cookies including 3rd part cookies on your device.