Who we are
Your privacy is important to LukeRichardsonFitness. To protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. We will only use the information that we collect about you lawfully. We collect information about you for 2 reasons: Firstly, to process your order and secondly, to provide you with the best possible service. We will not e-mail you unless you have explicitly opted onto our email list. Every email sent out will also give clear instruction as to how to remove yourself from our email list.
We will never collect sensitive information about you without your consent. The information we hold will be accurate and up to date. You can check the information that we hold about you by emailing us. If you find any inaccuracies or errors, we will delete or correct it promptly.
Any and all information will not be sold or otherwise provided to third parties, misused in any way or held or processed contrary to our obligations and your rights under the General Data Protection Regulation 2018. All information collected via GoCardless/Stripe will be held by Online Trainer Education, in accordance with its data privacy policy and your rights as a data subject under the GDPR.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Data Processing
Definitions:–
Data Protection Legislation: the General Data Protection Regulation 2018 (“GDPR”) as amended or updated from time to time, or any successor legislation.
Personal Data: any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
For the purposes of the Data Protection Legislation, the Customer is the data controller and LRF Personal Training Limited is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation).
LRF Personal Training Limited shall, in relation to any Personal Data processed in connection with the performance by us of our obligations:-
(a) process that Personal Data only on the written instructions of the Customer;
(b) ensure that it has in place appropriate technical and organisational measures (that can be reviewed and approved by the Customer at the Customer’s request) to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that only those individuals that need to access or process Personal Data will have access to and/or process Personal Data and those individuals are and will continue to be obliged to keep the Personal Data strictly confidential in compliance with the Data Protection Legislation;
(d) assist the Customer, at the Customer’s request and reasonable cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the Customer and the Information Commissioner’s Office (“ICO”) without undue delay (and in any event in compliance with the required timescales set out in the Data Protection Legislation) on becoming aware of a Personal Data breach; and
(f) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by the Data Protection Legislation to store the Personal Data.
The Customer will be required to provide consent to LRF Personal Training Limited to appoint Stripe as a third-party processor of Personal Data. LRF Personal Training Limited confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party’s standard terms of business, but in any event, that such terms will ensure compliance by the third party with the Data Protection Legislation.