The Body Project (The Body Project, us, our, and/or we) is committed to protecting and respecting your privacy.
Please be aware that except to the extent required by law, or when it is deemed impracticable to do so, you have the option of remaining anonymous, or using a pseudonym, when dealing with us in relation to a particular matter.
1. SCOPE OF POLICY
This Policy applies to all information or opinion about an identified individual or an individual who is reasonably identifiable (you), whether the information or opinion is true or not, and whether the information is recorded in a material form or not (Personal Information) that is collected, stored, used and disclosed by The Body Project.
In this policy, we explain the kinds of Personal Information we collect, how and why we collect and use it, and what controls you have over our use of it.
Please read the following carefully to understand our practices regarding the collection and use of your Personal Information.
2. PERSONAL INFORMATION THAT THE BODY PROJECT COLLECTS AND HOLDS
The Personal Information collected, held, used and disclosed by us includes, but is not limited to, the following information about you:
- name and/or username;
- date of birth (see section 3 below);
- country of residence;
- email address;
- medical/health information (see section 3 below);
- a record of pages you visit on our website;
- information about any complaints you may lodge; and
- information about or related to your customised training program, support provided to you by our coaches or any other service we provide you.
Some of the above information may also be classified as “health information” under the GDPR. Please see section 3 below for details about how we might collect, hold, use or disclose health information about you.
3. HEALTH INFORMATION AND SENSITIVE PERSONAL INFORMATION
Given the nature of our business as provider of personal training and online fitness resources, we may also collect some sensitive information about you, for example, information about your health, which is afforded a higher level of privacy protection.
The GDPR includes the following information as “health information”:
- information or an opinion about the health (including illness, disability or injury) of an individual;
- the individual’s expressed wishes about the future provisions of health services provided to him or her; or
- personal information which is collect as part of providing a “health service”, collectively, ‘Health Information’.
Under the GDPR, a “health service” includes (among other things) any activity intended or claimed to assess, maintain or improve an individual’s health, or to record the individual’s health for the purpose of improving or managing the individual’s health.
Health Information which we might collect about you includes, but is not limited to:
- any medical issues (as may be relevant to your use of Personal Training, Training Programs or similar services we provide to you);
- your health situation (for example, whether you are injured, pregnant or disabled, to the extent relevant to your use of the Personal Training, Training Programs or other similar services we provide to you);
- your current height, weight, age, gender, and biometric calculations relating to these, such as BMR and macronutrient requirements;
- what facilities or equipment you use to train;
- training frequency;
- training experience;
- progress management – regular progress photos of you, and record of height, weight, and similar information, as you work towards your goals through our program;
- progress management – a record of your progress in weekly exercises and metrics including performance, weights lifted, and repetitions;
- your specific nutritional requirements;
- a description of your fitness and nutrition goals; and
- any other information required for the provision of our training services to you.
We will not collect, use or disclose any of your Health Information except to the extent necessary to provide a health service to you through our programs, and will ensure that any Health Information is collected, used and disclosed only in accordance with rules established by other competent health or medical bodies (where applicable) that deal with obligations of professional confidentiality.
4. HOW THE BODY PROJECT COLLECTS AND HOLDS PERSONAL INFORMATION
We will only collect Personal Information from you directly, unless it is unreasonable and impractical to do so.
We may collect Personal Information from you directly in the following ways:
- if you subscribe to Personal or Online Training or create an account on our website;
- if you request assistance or advice from our online coaches;
- if you make a request for support online, by email or by telephone;
- if you participate in promotional offers;
- if you choose to subscribe to our mailing list; or
- if you disclose information such as contact details via our website.
In a situation where it is unreasonable or impractical to obtain Personal Information from you directly, you may be asked to consent to our collection of your Personal Information from a third-party.
We will always notify you after any of your Personal Information has been collected by us from a third party.
The Body Project holds Personal Information in databases hosted on servers based in the United Kingdom and United States.
We take reasonable steps to:
- protect your Personal Information from misuse, interference and loss and from unauthorised access, modification or disclosure;
- ensure that our system is appropriately backed-up to prevent the loss of your Personal Information; and
- destroy or de-identify Personal Information when it is no longer required.
Some security measures that we have in place to protect your Personal Information include the following:
- access to the database where your personal information is stored is restricted to particular authorised staff members;
- the password for database access is changed frequently;
- we use well-known and widely used technology to store and process data; and
- our hosting providers manage the server and database protection in accordance with standard web practices.
In the case that any of the Personal Information held by The Body Project is lost, or subjected to unauthorised access, modification, disclosure or other misuse or interference, we will notify you immediately and advise you of the steps you should take in response to the breach. Additionally, if we receive any unsolicited Personal Information (i.e. we inadvertently obtain information about you that we did not request) we will determine whether we would have been able to obtain the information by the methods described in this section 4. If not, we will, as soon as practicable, destroy the information and ensure that the information is de-identified.
5. THE PURPOSE FOR WHICH THE BODY PROJECT COLLECTS, HOLDS, USES AND DISCLOSES PERSONAL INFORMATION
Personal Information which is collected by The Body Project will be held, used and disclosed by us for the primary purpose of providing training and fitness regimes to our customers including:
- personalising our fitness regimes to help you achieve your individual fitness goals;
- formulating fitness programs to suit your individual health requirements;
- determining your nutritional requirements and providing you with the tools to track your food intake;
- notifying you of account activity or update (such as a completed training program, comment or monthly check-in);
- sending you an email to notify you of any account changes or updates to our services (such as updates to your programs or appointments);
- supporting and enhancing our relationship with you (this includes processing your membership subscription, providing you with better support and service and sharing company news and information with you);
- to provide insights into the progress and experiences of The Body Project members; and
- to deal with complaints.
The Body Project does not sell any of your Personal Information to third parties.
6. OVERSEAS STORAGE AND DISTRIBUTION OF PERSONAL INFORMATION
As set out in section 4 above, your Personal Information is stored on servers hosted in the United Kingdom and United States.
We will not distribute the Personal Information you provide to another foreign entity unless we are required to do so by law or you provide your express consent to such a disclosure.
7. CONSEQUENCES IF ALL OR SOME PERSONAL INFORMATION IS NOT COLLECTED
You do not have to provide us with any Personal Information. However, if you choose to withhold any requested information, you may not be able to utilise our full offering, access special promotions or we may not be able to provide you with personalised support that is dependent upon the collection of such information.
8. HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We will only retain your Personal Information for as long as necessary to provide our services (as described in section 5 above) to you.
9. ACCESS AND CORRECTION OF PERSONAL INFORMATION
You have a right to request access to your Personal Information and to request its correction, by emailing us at firstname.lastname@example.org or by otherwise sending your request to the address specified in section 10 below. Upon receipt of a written request from you, we will give you access to the Personal Information we hold about you within 30 days of receiving your request unless an exception to access applies under the GDPR.
Upon receipt of a written request from you we will comply with our obligations under the GDPR to correct, amend, delete or cease to deal with any Personal Information we hold about you if it proves to be factually inaccurate, incomplete, or irrelevant to the purpose(s) for which it is being held within 30 days.
10. COMPLAINTS PROCESS
If you have a complaint about the way we have dealt with your Personal Information please make a complaint in writing to us using the contact details included in section 11 below. We will respond to all complaints within 30 days.
Please note that you may lodge your complaint anonymously. However, this may limit our ability to deal with your complaint and implement a satisfactory remedy.
11. CONTACT DETAILS