We are registered with the Information Commissioner’s Office as a data controller under number ZA250326.
We promise to keep your personal data safe and private, not to sell your personal data, and to give you a simple way to view and manage your marketing and communication choices at any time.
GDPR stands for the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which has been the basis of European data protection law since 1995.
The GDPR is an attempt to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data. It applies to any organisation processing personal data of EU citizens.
Personal data will now include not only data that is commonly considered to be personal in nature (e.g. names, physical addresses, email addresses), but also data such as IP addresses, behavioural data, location data, financial information, and more.
The GDPR was adopted in April 2016, but will officially be enforceable on 25th May 2018.
Cartwright Fitness Limited will ensure that all personal data is processed lawfully, fairly and in a transparent manner. We only collect and store contact details provided by yourself for our own records, and for sending out order updates, news updates and direct marketing campaigns. This means that only personal data which is relevant for these purposes will be processed, and we will not collect or store any personal data which is not strictly required. All data will be given freely and with your expressed consent and will be accurate to our knowledge.
There are two categories of information we collect:
1. The information you give to us
a) Information necessary to process your order – We ask for this information when you place an order with us so that we can deliver the order, process payment and update you with any related delivery notifications
i) Payment information – Payments are processed using our account at Stripe Inc. on their secure platform and will include the method, date and time, amount, card expiry date, billing postcode, your address and other related information. This information is required and necessary for the performance of our contract with you. We do not have sight of the card number or CVV code at any time, but this will be held securely by Stripe Inc who are audited and certified as a PCI Service Provider Level 1.
ii) Address information – When you place an order, we use this information to process the delivery with our courier. Email and contact telephone numbers will be used to create delivery notifications and will be passed over to our chosen courier but for this means of delivery contact/tracking only and if necessary.
iii) Communications – We may contact you via phone or email to update you on your order or tell you about any possible delays/order queries. This would be customer service related.
- Information you choose to give us – your name and email address when you sign up to our newsletter
a) Newsletter emails – these will be sent out to you if you have registered an interest and have signed up for the service. Emails will contain news updates, blogs and direct marketing. You are given the opportunity to opt at any time or can contact us at [email protected]
We may use and disclose personal data only for the following purposes:
1. To communicate with customers and provide customer support.
2. To send you information and promotional material to you by email. You will only receive this information if you have positively opted in and you can stop receiving this content at any time.
3. To send you alerts and notifications by email based on transactions you make on the site – such as placing an order or leaving a review.
4. To charge and collect money from our customers. We use a third party (Stripe) for secure card payment processing, and we send billing information to them for processing orders and payments. We use third-party accounting systems (Quickbooks) to manage our financial accounts. We send them billing information for this purpose. We may send messages to you directly from Quickbooks email system.
1. Our Employees:
2. Service Providers:
Examples of TTPs we use include (but are not limited to):
Hosting – WordPress
Email – Conversio
SaaS – Quickbooks, Stripe, PayPal
The GDPR provides the following rights for individuals:
1. Right to be informed
2. Right of access
You have the right to access your personal data and supplementary information. You can access and update some of your personal data through your account settings.
3. Right to rectification
You have the right to ask us to have inaccurate personal data rectified, or completed if it is incomplete, where you cannot do this yourself in your account settings.
4. Right to erasure
You have a right to have your personal data erased. This is also known as the “right to be forgotten”. You can ask us to delete your data by emailing us at [email protected] We will respond to a request for erasure within one month. We may ask you to verify your identity.
5. Right to restrict processing
In certain circumstances, you have a right to restrict the way we may process your personal data, as an alternative to erasing it, if you have a particular reason for wanting it restricted
6. Right to data portability
Your right to data portability entitles you to obtain personal data you have provided to us – in a commonly used, structured format – and request that we send it to another service provider (if technically feasible).
We generally retain your information for as long as your account is active or as long as necessary to provide you with our service. We may also retain and use your information in order to comply with accounting policies.
Cartwright Fitness Limited will do everything in our power to ensure that personal data is appropriately secure and protected from unauthorised or unlawful processing, and against accidental loss, damage or deletion. Your personal data is stored on a password protected database which will only be accessible by the company director and company administrator. We will continue to upgrade our security measure in accordance with technological development. The personal data you provide will be stored in this manner indefinitely unless you instruct us otherwise.