Privacy Policy

Cartwright Fitness Limited Privacy Policy

WHO WE ARE

In this Privacy Policy references to “we”, “us” and “our” are to Cartwright Fitness Limited. We are a company registered in England and Wales. Our company registration number is 08683967. Our registered office is at 106 Butterbache Road, Chester, CH3 6DF, UK. References we make to “our Website” or “the Website” are to www.cartwrightfitness.co.uk.

We are registered with the Information Commissioner’s Office as a data controller under number ZA250326.

This Privacy Policy sets out how we collect, process and protect any information (including personal data) that you give when you use this website, or communicate with us in any way.

If you have any questions about your personal data and this Privacy Policy, you can contact us for more information at any time by emailing [email protected] or by calling 01244 346 106.

OUR PRIVACY PROMISE

We promise to keep your personal data safe and private, not to sell your personal data, and to give you a simple way to view and manage your marketing and communication choices at any time.

THIS POLICY AND THE GDPR

GDPR stands for the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which has been the basis of European data protection law since 1995.

The GDPR is an attempt to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data. It applies to any organisation processing personal data of EU citizens.

Personal data will now include not only data that is commonly considered to be personal in nature (e.g. names, physical addresses, email addresses), but also data such as IP addresses, behavioural data, location data, financial information, and more.

The GDPR was adopted in April 2016, but will officially be enforceable on 25th May 2018.

This Privacy Policy has been designed to comply with these new regulations. It will inform you about what kind of information we may collect, how we collect it, why we collect it, the legal basis for collecting it and your rights under the GDPR.

CHANGES TO THIS POLICY

We may change this Privacy Policy from time to time by updating this page. Any changes will be effective immediately upon notice which we may give by any means, including updating this page. You should revisit this page regularly to stay informed of the most up-to-date Privacy Policy.

This Privacy Policy was last updated 18th May 2018.

INFORMATION WE COLLECT

Cartwright Fitness Limited will ensure that all personal data is processed lawfully, fairly and in a transparent manner. We only collect and store contact details provided by yourself for our own records, and for sending out order updates, news updates and direct marketing campaigns. This means that only personal data which is relevant for these purposes will be processed, and we will not collect or store any personal data which is not strictly required. All data will be given freely and with your expressed consent, and will be accurate to our knowledge.

There are two categories of information we collect:

1. Information you give to us

a) Information necessary to process your order – We ask for this information when you place an order with us so that we can deliver the order, process payment and update you with any related delivery notifications.

i) Payment information – Payments are processed using our account at Stripe Inc. on their secure platform and will include the method, date and time, amount, card expiry date, billing postcode, your address and other related information. This information is required and necessary for performance of our contract with you. We do not have sight of the card number or CVV code at any time, but this will be held securely by Stripe Inc who are audited and certified as a PCI Service Provider Level 1.

ii) Address information – When you place an order, we use this information to process the delivery with our courier. Email and contact telephone numbers will be used to create delivery notifications and will be passed to our chosen courier, but only for delivery contact/tracking purposes and only if necessary.

iii) Communications – We may contact you via phone or email to update you on your order or tell you about any possible delays/order queries. This would be customer service related.

2. Information you choose to give us – your name and email address when you sign up to our newsletter

a) Newsletter emails – these will be sent out to you if you have registered an interest and have signed up for the service. Emails will contain news updates, blogs and direct marketing. You are given the opportunity to opt out at any time or can contact us at [email protected].

HOW WE USE THIS INFORMATION

We may use and disclose personal data only for the following purposes:
1. To communicate with customers and provide customer support.
2. To send you information and promotional material by email. You will only receive this information if you have positively opted in and you can stop receiving this content at any time.
3. To send you alerts and notifications by email based on transactions you make on the site – such as placing an order or leaving a review.
4. To charge and collect money from our customers. We use a third party (Stripe) for secure card payment processing, and we send billing information to them for processing orders and payments. We use third party accounting systems (Quickbooks) to manage our financial accounts. We send them billing information for this purpose. We may send messages to you directly from the Quickbooks email system.

THIRD PARTY LINKS

Cartwright Fitness includes links to third party social media sites (such as Facebook or Twitter). We do not control these sites and when you visit them you may be providing personal data to the third party. The third party’s use of your information will be governed by their own Privacy Policy, which we recommend you review. We do not accept any responsibility or liability for their policies whatsoever.

RECIPIENTS OF YOUR DATA (WHO WE MAY SHARE IT WITH)

1. Our Employees:
Your data will be shared with our employees, who enable us to provide the service. We need to share this information in order to ensure the adequate performance of our contract with you. Such recipients will have entered into a contract to keep your data safe and private and in a manner that is consistent with this Privacy Policy.

2. Service Providers:
We use a variety of third party service providers (TTPs) who help us provide and support our services. We need to share this information in order to ensure the adequate performance of our contract with you. These TTPs would be classed as “data processors” under GDPR. Examples of TTPs we use include payment processors, hosting services, financial and accounting systems and courier delivery services. All TTPs enter into a contract that requires them to use your personal data only for the provision of services to us and in a manner that is consistent with this Privacy Policy.

TRANSFERS TO THIRD PARTY PROCESSORS AND OUTSIDE THE EU

We are a UK registered company, operating in the UK, and our website and service is available to anyone worldwide. We use a number of Third Party Processors (TTPs) to enable us to provide and support the website and service to our customers. Some of these TTPs are based outside the European Economic Area (EEA) and data is processed on servers located outside the EEA. These TTPs have limited access to your information and perform processing on our behalf. We only use TTPs who we are confident have the appropriate safeguards in place, and they are contractually bound to protect your information and use it only for the purposes for which it was transferred, consistent with this Privacy Policy.

Examples of TTPs we use include (but are not limited to):
Hosting – WordPress
Email – Mailchimp
SaaS – Quickbooks, Stripe, PayPal

YOUR RIGHTS

The GDPR provides the following rights for individuals:

1. Right to be informed
You have the right to be informed about the collection and use of personal data. This Privacy Policy should contain all the information you need for you to exercise this right.

2. Right of access
You have the right to access your personal data and supplementary information. You can access and update some of your personal data through your account settings.

3. Right to rectification
You have the right to ask us to have inaccurate personal data rectified, or completed if it is incomplete, where you cannot do this yourself in your account settings.

4. Right to erasure
You have a right to have your personal data erased. This is also known as the “right to be forgotten”. You can ask us to delete your data by emailing us at [email protected]. We will respond to a request for erasure within one month. We may ask you to verify your identity.

5. Right to restrict processing
In certain circumstances, you have a right to restrict the way we may process your personal data, as an alternative to erasing it, if you have a particular reason for wanting it restricted.

6. Right to data portability
Your right to data portability entitles you to obtain personal data you have provided to us – in a commonly used, structured format – and request that we send it to another service provider (if technically feasible).

HOW LONG WE MAY KEEP YOUR DATA

We generally retain your information for as long as your account is active or as long as necessary to provide you with our service. We may also retain and use your information in order to comply with accounting policies.

SECURITY

Cartwright Fitness Limited will do everything in our power to ensure that personal data is appropriately secure and protected from unauthorised or unlawful processing, and against accidental loss, damage or deletion. Your personal data is stored on a password protected database which will only be accessible by the company director and company administrator. We will continue to upgrade our security measures in accordance with technological development. The personal data you provide will be stored in this manner indefinitely, unless you instruct us otherwise.