INTERNET PRIVACY & COOKIES POLICY

This website is the property of Quickstep Fitness. We take the privacy of all visitors to this Website very seriously and therefore set out in this privacy and cookies policy our position regarding certain privacy matters and the use of cookies on this website.

This policy covers all data that is shared by a visitor with us whether directly via Quickstep Fitness or via email.

This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.

Certain businesses are required under the Data Protection Act to have a data controller. For the purpose of the Data Protection Act 1998 and updates in 2018 our data controller is Jason Waite and can be contacted via email at quickstepfitness24@gmail.com

INFORMATION WE COLLECT

We may collect the following information:

  • Name

  • Contact information including telephone number and email address

  • Demographic business information

  • Other information relevant to customer surveys and/or offers

WHAT WE DO WITH THE INFORMATION WE GATHER

In operating our Website we may collect and process the following data about you:

  • Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data.

  • Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.

  • Information provided to us when you communicate with us for any reason.

USE OF COOKIES

On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website to our advertisers. Such information will not identify you personally, it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with our websites so that we can continue to develop and improve our websites.

We may gather information about your general internet use by using a cookie file that is downloaded to your computer. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. They help us to improve our website and the service that we provide to you.

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular areas of our Website.

Any advertisement featured on this website or link to a website controlled by a third party may also incorporate cookies over which we have no control. Such cookies (if used) would be downloaded once you click on the advertisement or link to the third party website.

For more information on cookies you can read the guidance at www.allaboutcookies.org.

THIRD PARTY COOKIES: GOOGLE ANALYTICS:

We may use Google Analytics for SEO purposes and to improve their online marketing efforts. For a detailed explanation of how Google Analytics cookies work and what data it gathers, please visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

SHARING YOUR INFORMATION WITH OUR PARTNERS

We partner with certain organisations to carry out certain aspects of our operation. For example, we use a company called Ashborne to make direct debit collections on our behalf. We share with Ashborne all of the information which is necessary to make these collections and in order for them to be able to meet their obligations under the Direct Debit Guarantee Scheme.

STORING YOUR PERSONAL DATA

We may transfer data that we collect from you to locations outside of the European Economic area for processing and storing. In addition, it may be processed by staff operating outside the European Economic area who work for us or for one of our suppliers. For example, such staff may be engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your data is treated securely and in agreement with this privacy policy.

Data that is provided to us is stored on our secure servers. Details relating to any transactions entered into via our site will be encrypted to ensure its safety.

The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

USE OF YOUR INFORMATION

The information that we collect and store relating to you is primarily used to enable us to provide our services to you. In addition, we may use the information for the following purposes:

  • To invite you to attend marketing events such as our Discovery Days if you register an interest in becoming a member.

  • To invite you to visit one of our health and fitness clubs so that you can find out more about the facilities and membership options which are available or to have a free trial using the facilities in our club or to encourage you to become a member of our health and fitness club if you register an interest in joining up.

  • To request that you provide us with a review containing your views on the quality of the services and facilities we supply to you as well as your impression of the quality of service you receive from our staff.

  • To request that you consider recommending the services or products which we supply and to provide us with details which will allow us to contact a friend or colleague who you think would be interested in a service or product which we supply such as membership to Quickstep Fitness.

  • To contact you to provide you with more information about a post that is available in our club if you have registered an interest in joining as an employee or as a freelance worker such as a personal trainer or a studio instructor.

  • To provide you with general information related to products or services in which you have expressed an interest and to provide information on other products or services which we feel may be of interest to you if you have consented to receive such information.

  • To meet our contractual commitments to you, for example to notify you of any price changes to a membership which you may sign up for or to inform you of a temporary or permanent change to opening hours or any other factor which may affect your enjoyment of the facilities at our health and fitness club of which you may become a member.

  • To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.

  • If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you.

  • We may use your data, or permit selected third parties to use your data, so that you can be provided with information about unrelated goods and services which we consider may be of interest to you. We or they may contact you about these goods and services by any of the methods that you consented to at the time your information was collected.

  • We will only contact you for marketing purposes or allow third parties to contact you for marketing purposes if you have provided consent for this to happen. Furthermore, you will only be contacted using the means of contact to which you have consented.

  • If you do not want us to use your data for the purposes of marketing by ourselves or third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data.

  • Please be advised that we do not reveal information about identifiable individuals to our own marketing agencies but we may, on occasion, provide them with aggregate statistical information about our visitors such as your area of residence or age group.

DISCLOSING YOUR INFORMATION

Where applicable, we may disclose your personal information to any member of our group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries.

We may also disclose your personal information to third parties:

  • Where we sell any or all of our business and/or our assets to a third party

  • Where we are legally required to disclose your information

  • To assist fraud protection and minimise credit risk

THIRD PARTY LINKS

You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

ACCESS TO INFORMATION

The Data Protection Act 1998 & 2003 gives you the right to access the information that we hold about you. Should you wish to receive details that we hold about you please contact us using the contact details below.

DATA BREACH POLICY

This is the data breach policy for Quickstep Fitness

We take the security of the data which we hold very seriously and go to great lengths to ensure that it is adequately protected and is used only for the purposes for which it was collected. We have a series of policies and procedures in place to ensure that we comply with all current legislation. We train our staff to ensure that they are aware of their responsibilities in protecting the data and how they should act when using it. We also employ sophisticated means to protect our data from malicious attack and attempts to gain unauthorised access or make unauthorized use of the data which we hold. We destroy or anonymise data as soon as there is no longer a justification for us to hold it in relation to the purposes for which it was collected.

Despite all of the above it is unfortunately, impossible for us to completely protect all of the data which we hold from theft, attack, unauthorised use or failure to follow agreed procedures. This policy describes the measures we take to monitor whether any breaches have occurred and the procedures we will follow should we become aware that a breach may have occurred.

SCOPE

This policy applies to the following individuals and orgainsations:

  • All individuals who work for the Quickstep Fitness United Kingdom and all territories covered by the General Data Protection Regulations (GDPR) regulations whether they are employed directly or are contracted to work on behalf of the organisation.

  • All individuals who work in the fitness club located in the United Kingdom and all territories covered by the GDPR which are owned by ourselves or whether they are employed directly or are contracted to work in the club on a regular or casual basis.

  • Our partners who process and collect data on our behalf, for example, the Ashborne which processes direct debits on our behalf. Each of our partner organisations whom we deem to be covered by this policy has been sent a copy and has given an assurance that they will abide by its contents.

This policy applies to the following data:

  • All data and information which we hold related to private individuals including, but limited to the following:

    • Members, prospective members and ex members of our clu

    • Staff and other workers who work in our own offices or in the field in whatever capacity we employ them

  • Sensitive data related to our business, for example, records of our finances or legal affairs

  • Sensitive data related to the businesses , for example, our assessments of their performance, records of their finances or legal affairs

 

MONITORING WHETHER A BREACH HAS OCCURRED

We take the following measures to monitor whether a breach has occurred and to ensure that we become aware should a breach or a potential breach come to the attention of any of our staff, members of our club or any other individual:

  • By publishing this policy on our public facing websites we promote awareness of its existence and make any visitor to our public facing website aware of the steps they can take should they suspect that a breach has occurred or may occur in the future. The policy itself contains clearly describes how anyone can communicate their concerns to named individuals within Quickstep Fitness.

  • This policy is published on Shedul which is the software application which is used in our club to manage and monitor the operation of Quickstep Fitness. As a result, the policy is made available to our own staff, and the individuals who work in their club. The policy clearly lays out what they must do in the event that they suspect that a breach has occurred or may occur in the future.

  • We make use of sophisticated cyber protection software which monitors activity in our data centres and reports any unusual activity such as large volumes of data being downloaded to unknown IP addresses.

  • We train our staff and those individuals who work in our club in various ways.

  • We include all of our data protection policies in our operating manual which is made available to our club managers.

 

ADVICE AND SUPPORT

Any individual who requires advice or support in relation to this policy or an incident they feel it may cover should first of all speak to their manager or the owner of Quickstep Fitness. If this is not possible or felt to be appropriate or if further advice or support is needed then the matter may be referred to any of the following:

NB Please use email or ‘phone if you feel that your query needs to be addressed urgently.

BREACH NOTIFICATION

This policy requires that any individual who is included in its scope (described above) who suspects that a theft, breach, unintended exposure or unauthorised access of the data described above must report the fact as soon as is reasonable possible and in any case within one working day of the information coming to their attention.

If possible, a written description of the nature of the breach or suspected breach along with details of the date and time at which occurred should be provided to any of the contacts listed above as sources of help and advice. Information may be supplied anonymously but it would be most helpful if the name and contact information of the person reporting the breach could be supplied.

An examples of practices which may be likely to lead to a breach should also be reported in the same way.

What we will do when Issues are Reported to us

The matter will be initially reviewed by the Data Protection Officer (DPO) who will consider the circumstances and the information which has been supplied. One or more of the following actions may be taken:

  • If it seems likely that a breach has taken place and there is a credible risk that further access to the same information or to other information may occur, or if a practice has been reported which seems to have a high risk of resulting in an imminent breach, immediate steps will be taken to protect the resource, for example, by shutting down the function or service which was used to gain access to the information or strengthening the security around it.

  • As soon as there is firm evidence of the nature of any data having been inappropriately accessed and where it is possible to identify those individuals who may have been affected a communication plan will be developed in conjunction with our own communications scheme involving legal and human resource departments to decide whether an=d how to communicate the breach to:

    • internal employees

    • the public

    • those directly affected

  • The communication is likely to include information such as:

    • The date and time on which the breach occurred

    • The data which has been accessed, eg names, contact numbers, email addresses

    • The steps which we are taking to investigate the matter and ensure that it does not reoccur

  • The matter itself may also be brought to the attention of any one or more of the following:

    • The manager of any persons involved in the matter

    • The managers and owners of any club connected with the matter or who have members potentially affected by the matter

    • The Office of the Data Commissioner

    • The law enforcement authorities

    • Third party suppliers

    • The CEO and other members of Quickstep Fitness board

    • Other members of staff

    • Any other individual or body we believe is appropriate

 

ENFORCEMENT

Any Quickstep Fitness  Management personnel found in violation of this policy may be subject to disciplinary action, up to and including termination of employment. Any third-party partner company found in violation may have their network connection terminated.

CONTACTING US

We welcome any queries, comments or requests you may have regarding this policy please do not hesitate to contact us via the website www.quickstepfitness.co.uk
If you would prefer to write to us then our contact address is:
Data Protection Enquiries
Quickstep Fitness
Bedwas Court
Caerphilly
Mid-Glam
CF83 3FG