Privacy Policy
Level Up: Physiology & Fitness Clinic (“we”, “our”, “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. It also outlines your rights regarding your personal data and how you can contact us.
1. Information We Collect
We collect personal data to provide our services, improve your experience, and meet legal obligations. The types of data we collect depend on how you interact with us. We collect information when you:
Book an appointment or purchase a product (e.g., in-person services, fitness programmes, or merchandise).
Sign up for a consultation or download a digital programme.
Contact us via our website forms, email, phone, or social media.
Visit our website, where data is collected automatically via cookies and similar technologies.
Data We Collect
The personal data we may collect includes:
Identity and Contact Information: Name, email address, phone number, and postal address.
Health-Related Data: Information provided during screenings, consultations, or fitness assessments (e.g., medical history, fitness goals, or physiological data), which is necessary to deliver tailored services.
Payment and Billing Information: Credit/debit card details, billing address, or other payment information processed through secure third-party payment providers.
Technical and Usage Data: IP address, browser type, device information, pages visited, and interaction data collected via cookies or analytics tools.
Marketing and Communication Preferences: Your preferences for receiving newsletters, promotional offers, or other communications.
Other Information: Any additional information you voluntarily provide, such as feedback, survey responses, or inquiries.
2. How We Use Your Information
We use your personal data for the following purposes:
Service Delivery: To process bookings, deliver consultations, provide fitness programmes, and fulfill product orders.
Communication: To respond to your inquiries, confirm appointments, send service-related updates, or provide customer support.
Personalization: To tailor our services, such as creating personalized fitness plans based on health-related data.
Website Improvement: To analyze website usage and improve functionality, content, and user experience.
Legal Compliance: To meet legal, regulatory, or tax obligations, such as maintaining records or responding to lawful requests from authorities.
Marketing: To send promotional materials, newsletters, or special offers (only with your consent, where required).
Security: To detect and prevent fraud, unauthorized access, or other illegal activities.
We process your data based on the following legal grounds:
Consent: For example, when you opt into marketing communications or provide health-related data for personalized services.
Contract: To fulfill our obligations under agreements, such as delivering booked services or products.
Legal Obligation: To comply with applicable laws or regulations.
Legitimate Interests: For purposes like improving our services or ensuring website security, where these interests do not override your rights.
3. Sharing Your Data
We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only when necessary to provide our services or meet legal obligations. These third parties include:
Service Providers: Payment processors, IT service providers, email platforms, and analytics providers who operate under strict data protection agreements.
Professional Advisors: Accountants, auditors, or legal advisors bound by confidentiality obligations.
Regulatory Authorities: When required by law, such as for tax reporting or in response to lawful requests.
All third parties are required to protect your data in accordance with applicable data protection laws and our contractual agreements. We do not transfer your data outside the European Economic Area (EEA) unless adequate safeguards, such as Standard Contractual Clauses, are in place.
4. Data Storage & Security
Storage
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. For example:
Booking and payment data may be retained for up to 7 years to comply with tax and accounting regulations.
Health-related data is retained only for the duration of your engagement with our services, unless you consent to longer retention for ongoing support.
Marketing data is retained until you unsubscribe or withdraw consent.
Once data is no longer needed, it is securely deleted or anonymized.
Security
We implement robust technical and organizational measures to protect your data, including:
Encryption of sensitive data (e.g., payment information) during transmission and storage.
Access controls to ensure only authorized personnel can access your data.
Regular security audits and updates to our systems.
Secure servers hosted in compliance with industry standards.
Despite our efforts, no system is completely immune to security risks. If a data breach occurs, we will notify you and relevant authorities as required by law.
5. Your Rights
Under data protection laws, you have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data, subject to legal or contractual limitations.
Restriction: Request that we limit the processing of your data in certain circumstances.
Data Portability: Receive your data in a structured, commonly used format or have it transferred to another organization.
Object: Object to processing based on legitimate interests, including marketing communications.
Withdraw Consent: Withdraw consent at any time where we rely on it for processing (this does not affect prior processing).
To exercise these rights, please contact us at levelupclinic@outlook.com. We will respond within one month, though complex requests may take longer. If you are dissatisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.
6. Cookies & Tracking Technologies
We use cookies and similar technologies (e.g., web beacons, pixels) to enhance your experience on our website. Cookies are small text files stored on your device that help us analyze website performance and functionality.
Types of Cookies
Essential Cookies: Necessary for the website to function, such as maintaining user sessions.
Analytics Cookies: Collect anonymized data on how visitors use our website to improve its performance.
Marketing Cookies: Used to deliver relevant advertisements, if you consent.
You can manage cookies through your browser settings or our cookie consent tool. Note that disabling essential cookies may affect website functionality. For more details, see our Cookie Policy [link to Cookie Policy, if available].
7. Third-Party Links
Our website may contain links to third-party websites, such as payment processors or social media platforms. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing personal data.
8. Children’s Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.
9. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a notice on our website. The updated policy will be effective from the date posted.
10. Contact Us
If you have questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our Data Protection Officer:
Email: levelupclinic@outlook.com
We aim to respond to all inquiries within 48 hours.