1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
2.0 RELEVANT LEGISLATION
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1998 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well.
3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
Like many websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
3.2 Contact Us Form on this site
- When you use our contact us form we may collect, store and use the following personal information:
- - Your Name
- - Your Contact information including email address and telephone no.
- - Your location (city/town/village)
- - Demographic information such as postcodes if provided
- Please note that the above information may be collected by us via various ways including when you use out contact forms, and/or participate in member surveys, sales promotions or any other feature of this website. Further, information might be collected by using common online collection methods like web browser cookies.
3.2.1 Right To Delete
You have the right to request Blood Sweat & Muscle delete all stored personal information within our systems relating to yourself by contacting us to make the request.
3.2.2 Why do we collect and process sensitive personal data?
We collect and process Sensitive Personal Data only so far as is necessary and in compliance with all applicable legislation. By using the Website and by sending your details to us, you consent to us collecting and processing Sensitive Personal Data supplied by you and utilising this information to make future contact with you, as part of the gym membership processes.
3.3 Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
4.0 HOW WE STORE YOUR PERSONAL INFORMATION
As detailed in section 3.2 above, if you contact us on this website as a current or possible gym member, no personal information will be stored within this website’s database itself. To protect your personal data and to minimise it being identifiable in the event of a breach, we keep the data we store from your personal online submissions to a minimum. Data transfers between the website script and the email clients we use, are over encrypted connections using the TLS (Transport Layer Security) protocol.
4.1 Disclosure of your information
Blood Sweat & Muscle will not sell, trade or rent your personal information to others unless you have given us your permission. Only if you opt to agree to our privacy policies and term, will we make any attempt to store or utilise your information.
5.0 ABOUT THIS WEBSITE’S SERVER
This website is hosted within a UK data centre located just outside London. Some of the servers security features are listed below:
- By default, the server uses the latest PHP 7.2 version with the latest security fixes.
- It is running Apache in a chrooted environment with suExec.
- Sophisticated IDS/IPS systems which block malicious bots and attackers are in use.
- ModSecurity is installed and the hosting providers update their security rules weekly, thus protecting from the most common attacks.
Some of the server's data centre’s more notable security features are as follows:
- 3m rota-spike security fence and perimeter anti ram barriers
- Blast proof anti-intruder shielded external windows and doors
- Proximity access locks on all external and internal doors
- Server cabinets have locked doors (no open racks)
- Perimeter and internal IP CCTV system monitored 24×7
- 24×7 on-site security guards with static and mobile patrols
- All on-site personnel are security vetted to BS7858 standard
- Only authorised security cleared staff are allowed into the facility
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
5.1 Security of Your Personal Information
We take the security of your personal information very seriously and have appropriate technical and organisational measures in place. The site is protected against unauthorised access using the latest security devices and 'firewalls'.
To protect your personal information Blood Sweat & Muscle uses industry standard SSL (Secure Sockets Layer) encryption to encrypt and secure your data.
6.0 OUR THIRD PARTY DATA PROCESSORS
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. Both of MailChimp and Google are based in the USA and are EU-U.S Privacy Shield compliant.
7.0 DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 DATA CONTROLLER
The data controller of this website is: Blood Sweat & Muscle Ltd, a UK Private limited Company with company number: 10666696
whose operating office is:
107 Ashby High Street
In order to keep up to date with your precise requirements you may from time to time receive relevant information and reminders from us connected to the services you have requested. This complies with The Privacy and Electronic Communications Regulations of 2003.
10.0 LINKS TO THIRD PARTY WEBSITES
11.0 FACEBOOK, TWITTER, & OTHER SOCIAL NETWORKS
These services provide social buttons and similar features which we use on our website – such as the “Like” and “Tweet” buttons.
To do so we embed code that they provide and we do not control ourselves. To function their buttons generally know if you’re logged in; for example Facebook use this to say “x of your friends like this”. We do not have any access to that information, nor can we control how those networks use it.
Social networks therefore could know that you’re viewing this website, if you use their services (that isn’t to say they do, but their policies may change). As our website is remarkably inoffensive we imagine this is not a concern for most users.