Privacy Policy – Kate Crofts Fitness
Effective date: 13/10/2026
​
This Privacy Policy explains how Kate Crofts Fitness ("we", "us", "our") collects, uses, discloses, and protects your personal data when you visit our website, book classes or bootcamps, purchase services, or otherwise interact with us. We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR, the Data Protection Act 2018, and PECR (Privacy and Electronic Communications Regulations).
​
Important: Some of the information we process (e.g., fitness and health-related information) can be special category data. We only process such data with your explicit consent or where another lawful basis applies.
​
1. Who we are
- Data Controller: Kate Crofts Fitness
- Registered address: 10 Salisbury Road, Godstone, Surrey RH98AB
- Email: info@katecrofts.com
If you have questions about this policy or how we handle your data, contact us at the details above.
​
2. The data we collect
The types of personal data we collect depend on how you interact with us. We collect:
A. Identity & contact data – name, email address, phone number, postal address, emergency contact details.
B. Booking & transaction data – class, bootcamp, Pilates, spin, or Zoom session bookings, membership details, invoices, partial payment card details (last 4 digits), and payment confirmations (via our payment provider).
C. Fitness & wellbeing data (special category) – PAR-Q responses, disclosed health history, injuries, accessibility needs, goals, attendance, performance notes, and any information you choose to share about your physical or mental wellbeing.
D. Device & usage data – IP address, browser type, device identifiers, pages viewed, and interactions collected via cookies and similar technologies.
E. Marketing & communications data – preferences for receiving marketing from us, feedback, testimonials, survey responses.
We collect data directly from you (forms, bookings, messages), automatically (cookies, analytics), and from third parties (e.g., payment or scheduling providers).
​
3. Lawful bases for processing
We process your personal data under one or more of the following legal bases:
- Contract – to provide our classes, manage bookings, process payments, and deliver customer support.
- Consent – for marketing emails, cookies (where required), and special category data (e.g., health or injury details). You can withdraw consent at any time.
- Legitimate interests – to operate and improve our services, keep participants safe, prevent fraud, and communicate updates.
- Legal obligation – to comply with tax, accounting, and health & safety laws.
- Vital interests – in emergencies where we must protect you or another person.
​
4. How we use your data
We use your personal data to:
- Manage bookings, memberships, and class schedules (in-person and Zoom).
- Deliver fitness, bootcamp, Pilates, and spin classes tailored to your ability and health (with consent where required).
- Process payments securely and issue receipts.
- Communicate service updates, schedule changes, and important notices.
- Send marketing or wellbeing updates (with your consent).
- Improve our website and services through analytics.
- Comply with legal or insurance requirements.
​
5. Cookies & analytics
We use cookies to operate our site and understand user behaviour. Non-essential cookies (e.g., analytics or marketing) are used only with your consent.
Examples:
- Essential: Site security, class booking sessions.
- Analytics: Google Analytics for measuring site use.
- Advertising: Meta Pixel for promotional campaigns.
You can manage cookies through your browser or our cookie banner. See our Cookie Notice for details.
​
6. Disclosures of your data
We share personal data with trusted service providers to help operate our business:
- Website & hosting providers (e.g., Wix, Squarespace, or equivalent)
- Payment processors (PayPal)
- Scheduling and booking systems (Bookfit)
- Email & communication platforms (e.g., Mailchimp or WhatsApp)
- Professional advisors (e.g., accountants, insurers)
- Emergency services if required, to protect health and safety
All partners are bound by contracts to safeguard your data and use it only as instructed. We do not sell or rent your personal data.
​
7. International transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards such as the UK International Data Transfer Addendum or Standard Contractual Clauses.
​
8. Data retention
We keep your data only as long as necessary for the purposes described:
- Booking and transaction records: 6 years (for tax/legal compliance)
- Fitness/health records (PAR-Q, injury info): 2 years after your last class unless consent is withdrawn sooner
- Marketing data: until you unsubscribe or request deletion
- Website analytics: per tool’s retention period (e.g., 14–26 months)
​
9. Your rights
Under the UK GDPR you have rights to:
- Access and receive a copy of your data
- Rectify inaccuracies
- Erase data (right to be forgotten)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise these rights, contact us via the email above. You may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113.
​
10. Children’s data
We only collect data about minors with parental or guardian consent. We take additional steps to safeguard children’s information.
​
11. Security
We use appropriate safeguards including encryption, secure storage, and limited access to protect your data. However, no system is completely secure.
​
12. Third‑party links
Our site may link to external sites. We are not responsible for their privacy policies—please review them separately.
​
13. Policy updates
We may update this policy periodically and will publish updates on this page with a new effective date.
​
14. Contact us
For questions or to exercise your rights, contact:
Kate Crofts Fitness
Grange Meadow, Bletchingley, Surrey, United Kingdom
Email: info@katecrofts.com
