Naturally Healthy Women Limited (“we” or “Grace Belgravia”) take the protection of your privacy and personal data very seriously.
This policy (together with, if applicable, our Grace Club Handbook & Rules, membership form and, Medical Registration Form and any other documents referred to in any of those (all together, “Grace Terms”)) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.gracebelgravia.com (our “site”) or by becoming a Grace Belgravia member, booking a Grace Belgravia class or booking or visiting any of our facilities, you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the “Act”) and subsequent data protection legislation, the data controller is Naturally Healthy Women Limited of 11c West Halkin Street, London, SW1X 8JL which trades at Grace Belgravia.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
Information you give us. This is information about you that you give us by filling in forms that we may give you or you may find on our site or at our premises, or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, apply for membership, book a class, consultation or restaurant table, register with Grace Medical, browse the site, place an order on the site, enter a competition, promotion or survey, ask us a question and when you report a problem with our site or our services. The information you give us may include your name, job title, address, e-mail address and phone number, financial and credit card information, personal description and photograph, preferences and interests, and may also include information concerning your health and your wellness and fitness goals.
Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, the type of device you are browsing on, browser type and version, time zone setting, location setting, your demographic information, browser plug-in types and versions, operating system and platform, service provider;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Information we receive from other sources. We may receive information from you from third parties that may include data concerning you, your health and your wellness; We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers).
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
Information you give to us. We will use this information:
- to provide you with the best, most tailored services and experience we can in relation to your health, your wellness and fitness goals and otherwise;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us and expect of us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to undertake certain market research activities;
- to notify you about changes to our services;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our services, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of information we serve to you and others, and to deliver relevant information to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
We will never sell your personal information to any third party for marketing purposes.
You agree that we have the right to share your personal information with:
- Those in respect of whom you have given us your consent to share that information;
- Any member of our group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If Naturally Healthy Women Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the Grace Terms and other agreements; or to protect the rights, property, or safety of Grace Belgravia, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology and we use PCI-compliant service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE STORE YOUR PERSONAL DATA
We will generally store your personal data for one year beyond the statutory retention period. If there is no such period or if we think your data may be relevant to a possible legal claim, we may retain your data for a period of up to one year beyond the end of the statutory limitation period. After expiration of those periods, we will usually delete the relevant data as it is no longer necessary for the fulfilment of a contract.
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com or filling in the enquiry form in Your Account page within your member’s account.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
This GDPR comes into force on 25 May 2018 and as of that date you will have the rights set out in this section. You may be able to exercise some of these rights directly through the functionality we provide on our site. Alternatively, or where that is not possible, or if you wish to ask a question about your rights, please contact Us on firstname.lastname@example.org.
With effect from 25 May 2018, you shall have the right, in accordance with the GDPR, to obtain from us the following:
Right of confirmation
Confirmation as to whether or not personal data concerning you are being processed.
Right of access
Free information about the personal data we store about you at any time and to receive a copy of it.
Right to rectification
Rectification without undue delay of inaccurate personal data about you.
Right to erasure (Right to be forgotten)
The erasure of personal data concerning you without undue delay, subject to our legal rights and obligations to retain the same.
Right of restriction of processing
Restriction of processing where:
- you contest the accuracy of the personal data, for a period while We verify its accuracy;
- the processing is unlawful and you oppose the erasure of your personal data and request that it be restricted instead;
- we no longer need your personal data for the purposes of the processing, but do require them for the establishment, exercise or defence of legal claims; and
- you do not agree with our assessment that the processing is permitted for our “legitimate interests”, for a period while verification is carried out as to whether those interests override your own interests.
- Right to data portability
You shall have the right to have the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format and to have it transmitted to another entity (to the extent that such data was processed by us on the basis of consent or because such processing was necessary for the performance of a contract).
Additionally, you will have the following rights:
Right to object
- on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on our legitimate interests. This also applies to profiling based on these provisions;
- to object to our processing of personal data for direct marketing purposes. This applies to profiling to the extent that it is related to such direct marketing;
Automated individual decision-making, including profiling.
Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.