Privacy Policy

Privacy Policy — Charlie Jones PT

Effective Date: 1 January 2026
Last Updated: 30 December 2025

Charlie Jones PT (“we”, “us”, “our”, or “CJPT”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you engage with our small group personal training services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Charlie Jones PT is a small group personal training gym operating in the UK.

Contact details:
Email: [email protected]

For the purposes of data protection law, we are the data controller of your personal data.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

a) Identity and Contact Information

• Name

• Email address

• Telephone number

• Date of birth

b) Membership and Booking Information

• Membership type and status

• Session bookings and attendance history

• Communications relating to your membership

c) Payment Information

• Payment method details (processed securely by third-party payment providers)

• Transaction history and payment status

We do not store full card details on our own systems.

d) Health and Fitness Information

• Health questionnaires and PAR-Q responses

• Injury history or medical information you choose to disclose

• Fitness assessments, goals, and progress data

This information is classed as special category data and is handled with additional care.

e) Communications

• Emails, messages, and enquiries sent to us

• Customer service interactions

f) Photography and Video (Optional)

• Images or video recordings where you have given consent

3. How We Use Your Personal Data

We use your personal data for the following purposes:

• Administering your membership and bookings

• Delivering small group personal training services safely and effectively

• Communicating with you about sessions, changes, or important updates

• Processing payments and maintaining financial records

• Complying with legal and regulatory obligations

• Improving our services and member experience

4. Lawful Bases for Processing

We process your personal data only where permitted by law, relying on one or more of the following lawful bases:

a) Performance of a Contract

Where processing is necessary to provide the services you have signed up for.

b) Legal Obligation

Where required to meet accounting, tax, or regulatory requirements.

c) Legitimate Interests

Where processing is necessary for the operation of our business, provided your rights are not overridden.

d) Consent

Where required for:

• Marketing communications

• Use of images or videos

• Processing certain health or fitness information

You may withdraw consent at any time.

5. Health and Special Category Data

Health and fitness information is collected only to:

• ensure safe participation in training; and

• tailor sessions appropriately.

We process this data with your explicit consent or where necessary to deliver services safely. Access is limited to authorised staff only.

6. Marketing Communications

We may send you service-related communications and, where you have consented, marketing communications.

You can opt out of marketing at any time by:

• using the unsubscribe link in emails; or

• contacting us directly.

Opting out will not affect your membership.

7. Photography and Video Content

From time to time, photographs or videos may be taken during training sessions.

• Participation is entirely optional

• Consent will be obtained verbally or in writing where required

• You may withdraw consent at any time

Withdrawal of consent will not affect your membership or access to services.

8. Sharing Your Data

We do not sell your personal data.

We may share your data with trusted third parties where necessary, including:

• Payment processors

• Booking and membership management platforms

• Professional advisers (e.g. accountants)

All third parties are required to handle data securely and in accordance with data protection law.

9. Data Retention

We retain personal data only for as long as necessary:

• Membership and financial records: up to 7 years

• Health and fitness data: retained only while your membership is active or as required for safety

• Marketing data: until consent is withdrawn

Data is securely deleted or anonymised when no longer needed.

10. Data Security

We take appropriate technical and organisational measures to protect your data, including:

• Secure systems and access controls

• Restricted staff access to personal data

• Use of reputable third-party platforms

11. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request erasure of your data

• Restrict or object to processing

• Request data portability

• Withdraw consent at any time

To exercise your rights, please contact us using the details above.

12. Complaints

If you have any concerns about how we handle your personal data, please contact us so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Website: https://www.ico.org.uk

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available upon request or via our website.