Legal & Transparency
Privacy Policy
Contents
Podfit is a private personal training studio based in York, run by Neil Owens. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.
Podfit is a sole trader business. Questions about this policy can be directed to us using the contact details at the end of this document.
Section 01
The Data We Collect
Enquiry & Contact Data
When you contact us through our website, social media, or in person, we may collect:
- Name and contact details (phone number, email address)
- Details of your enquiry, fitness goals, or any messages you send us
Marketing & Automation Data
If you opt in to receive messages from us via Facebook/Instagram ads or our ManyChat automated messaging sequence, we collect:
- Your Facebook/Instagram profile information necessary to deliver messages (e.g. name, profile ID)
- Your responses within the automated message sequence
- Email address, if you provide one for follow-up communication
You can opt out of marketing messages at any time by replying STOP, unsubscribing via any email link, or contacting us directly.
Client Health & Medical Data
Because Podfit delivers personal training, we collect health-related information that UK data protection law classes as special category data, including:
- Medical conditions, injuries, and physical limitations relevant to safe training
- Information disclosed on health questionnaires or consent forms
- Where applicable, parental disclosures relating to a minor's health for supervised or unsupervised training purposes
We only collect health data with your explicit consent, and only to the extent necessary to plan and deliver training safely. It is never used for marketing.
CCTV
Our studio is monitored by CCTV for security and safety purposes. Footage may capture clients, visitors, and minors using the studio under independent access arrangements. CCTV is clearly signposted at the studio entrance. Footage is not used for staff monitoring or marketing purposes, and is retained only as long as necessary before being automatically overwritten.
Section 02
How We Use Your Data
We use the data described above to:
- Respond to enquiries and arrange training sessions
- Plan and deliver safe, appropriate personal training
- Take account of medical conditions or injuries when designing programmes
- Send marketing messages where you have opted in, and measure the effectiveness of our advertising
- Maintain the safety and security of the studio via CCTV
- Meet our legal and insurance obligations
Section 03
Our Legal Basis for Processing
- Consent — for marketing messages, ManyChat automation, and the collection of health and medical data
- Contract — to deliver the personal training service you have booked
- Legitimate interests — for CCTV security monitoring and general business administration
Where we rely on consent, you may withdraw it at any time. This will not affect the lawfulness of anything done before withdrawal.
Section 04
Where Your Data Is Stored
Your data may be held in one or more of the following places, depending on how you interact with us:
- Secure spreadsheets used for client and booking records
- Meta and ManyChat platforms, for automated messaging sequences
- Email, for direct correspondence
- CCTV recording system, located at the studio
We take reasonable steps to keep this data secure, including restricting access and avoiding the storage of health data alongside general marketing data wherever possible.
Section 05
Data Relating to Minors
Where we work with clients under 18 — including informal or unpaid arrangements — we collect data only with the consent of a parent or legal guardian. This includes contact details, relevant health disclosures, and emergency contact information.
We do not use a minor's data for marketing purposes under any circumstances.
Section 06
How Long We Keep Your Data
- Enquiry data not converted to a client relationship: up to 12 months
- Client and health data: for the duration of the training relationship, plus a reasonable period afterwards to meet insurance and legal requirements
- Marketing / ManyChat data: until you unsubscribe or opt out, or after a period of inactivity
- CCTV footage: a short rolling period, after which it is automatically overwritten
Section 07
Sharing Your Data
We do not sell your personal data. We may share limited data with:
- Service providers who help us operate (e.g. Meta/ManyChat for messaging, email providers)
- Our insurers, in the event of a claim
- Authorities, where required by law or to protect health and safety
Section 08
Your Rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Ask us to correct inaccurate data
- Ask us to delete your data, where applicable
- Withdraw consent at any time
- Object to certain types of processing
- Complain to the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled
To exercise any of these rights, contact us using the details below.
Section 09
Contact Us
Get in Touch
Questions about this policy or how we handle your data? Contact Neil directly.