top of page


Data Protection (GDPR) Policy – Build a Body May 2018



  1. Introduction 


  1. Build a Body are committed to safeguarding the privacy of our clients, customers and website and social media visitors referred to as “you” or “yours” in this policy.

  2. Our website incorporates privacy controls which affect how we will process your information.  All information gathered on our website is strictly designed so we can advise you on your queries and questions.

  3. In this Policy “we”, “us” and “our” refer to Build a Body.

  4. We have reviewed our Policy and mapped the personal data we hold to take account of the General Data Protection Regulation “GDPR” in force from May 2018. This Policy and procedures are designed to comply with the GDPR and ensure that we respect the personal data we receive from individuals. 


  1. How we use your personal data


  1. We collect personal information such as name, contact details and medical information so we understand our client’s fitness needs and requirements.  All medical information obtained is for the safety of our clients. The legal basis for this is consent. 

  2. All personal information gathered from the consultation and medical par-q will allow Build a Body to design and create an appropriate fitness program for the client.

  3. We will use personal information to contact you (by telephone, text, or email) to arrange appointments, personal training sessions or meetings.

  4. We will only use your personal information for marketing where you have given your consent for us to do so.


  1. Retaining and deleting personal data


  1. Personal data that we process and collect for any purpose shall not be kept for longer than necessary.

  2. Personal Information will be retained for a minimum of 3 years, and a maximum of 4 years from date of contracts being signed, for insurance and legal purposes. After this time all personal information will be securely destroyed.

  3. No personal data will be left unattended at any time.

  4. All personal information will be kept locked away in a secure area, with access restricted to only Build a Body personnel.

  5. All PCs, laptops and electronic devices that are used to store personal and sensitive information will be password protected and have the most up to date antivirus software installed.

  6. Passwords for laptops and PCs will not be shared with anyone other than the owner. 

  7. All information we gather is strictly for use by Build a Body. No third parties will be given access to your personal information without prior consent from the client.  We will never sell your personal data to a third party.


  1. Website and social media data


  1. We may process and store information in any enquiry you submit to us regarding goods, services and queries.  The enquiry data may be processed for purposes of offering, marketing and selling relevant goods and services to you. The legal basis of this processing is consent.

  2. We may process information related to transactions, including purchases of goods and services that you have entered with us (“transaction data”) through our website or personally.  The transaction data may include contact details, card details, and transaction details. The transaction data may be processed for the purpose of supplying goods and services, and keeping proper records of those transactions. The legal basis of this processing is the performance of a contract between you and us, and taking steps to enter in such contract and our legitimate interests. 

  3. Any pictures, videos or information posted on any social media stream will not be used without prior consent from any individual concerned.


  1.  Your rights 


5 The principal right about personal data under the GDPR are – 

a)               the right to access

b)               the right to rectification

c)                the right to erasure

d)               the right to restrict processing

e)               the right to object to processing

f)                the right to data portability

g)               the right to complain to Information Commissioners Office (ICO)

h)               the right to withdraw or vary consent


  1. You have the right to confirmation as to whether or not we process your personal     data and additional information.

  2. In some circumstances you have the right to restrict the processing of personal data, providing this information is not required in case of insurance or legal purposes.

  3. You have the right to reject any direct marketing, and if you object we will cease to process this information.

  4. You have the right for your personal data not to be used for any social media marketing.

  5. Where you withdraw or vary your consent to us processing your personal information, we will act up that as soon as reasonable practicable. 

  6. You have the right for your personal data not to be used for any social media marketing.

  7. Where you make a data subject access request, we will respond to that request in the time permitted by the GDPR.

  8. You have the right to refer concerns about our use of your personal data to the ICO.

  9. We will review this Policy regularly and ensure that our employees and consultants read and comply with it.  

bottom of page