Annie Deadman Ltd (we/us/our) respect and value the privacy of everyone who visits our websites; anniedeadmantraining.co.uk and/or anniedeadman.com and/or theblastplan.com (“Our Sites”) and those who enquire and/or purchase our products and services from either Annie Deadman Training and/or The Blast Plan. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law. Annie Deadman Ltd are the data controllers of this information for the purposes of this policy.
- What Does This Policy Cover?
- Personal Information We Collect And Why We Collect It
Supplying our products and services to you: The Blast Plan theblastplan.com
Information you give us when you purchase a Blast Plan. This is information you provide when you purchase one of products and may include; your name, your username when you create your account, your address including postcode, your email address, your phone number. This information is held on Our Site, which is hosted by DreamHost, and is also transferred to our email provider, Campaign Monitor. We consider both of these providers as Third Party Processors (see section 4).
We may also collect from you the following data; your body measurements, weight and anonymised ‘before and after’ photos and any lifestyle and dietary information via direct email with you. Our emails are hosted by DreamHost (see section 4). This data is held securely on our internal systems and is used to tailor our products and services to you. We will use this information, and that in the paragraph above, to ensure we fulfil our contract with you.
We may wish to use your ‘before and after’ photos along with your body measurement and weight statistics for publicity purposes. We will always contact you beforehand to gain your expressed written permission to allow this data to be used in the manner requested by us. If we do use your data publicly it will always be anonymised and photos cropped at the neck to ensure anonymity, at no time will you be identifiable.
Supplying our products and services to you: Annie Deadman Training anniedeadmantraining.co.uk
Information you give us on our ‘Trial Fitness Class’ form. You will have completed this short form if you had a trial fitness class before joining officially. This data includes your name, email address, emergency contact name and their phone number. This is a paper based record. It will not be processed for any other purposes other than providing you with information regarding the products and services you have shown an interest in by joining one of our Fitness Class Trials and contacting you by email to receive your feedback. This data may be transferred to Campaign Monitor (see section 4) in order that we can stay in contact with you. This paper form is kept securely for one year and thereafter it will be destroyed safely.
Information you give us on our ‘Fitness and Pilates PARQ’ and/or our ‘In-Person Blast Plan’ questionnaires. This data includes your name, address including postcode, email address, telephone number, emergency contact name and their phone number, name and address of your General Practitioner, your medical history and information relating to your lifestyle and diet. This is hosted on Google Forms, whom we considered to be a third party data processor – see section 4. We may also collect from you, your body measurement data including weight and anonymised ‘before and after’ photos. This data is kept securely on our internal systems. The data, provided by you, on this questionnaire is necessary in order that we can supply our products and services to you and to ensure we can safely fulfil our contract with you. We also use this information to communicate with you and handle your enquiries regarding your contract with us.
Supplying our products and services to you: theblastplan.com and anniedeadmantraining.co.uk
We may also collect your views and comments in respect of our products and services we have provided to you via a survey powered by SurveyMonkey. We consider SurveyMonkey to be a Third Party Processor. We will not use the information you provide for any purposes other than our own internal purposes. Should we wish to use publicly any comments/views you have expressed we will contact you before to gain your permission. These views/comments will always be anonymised and you will not be identifiable.
Your data will not be processed nor shared with anyone else other than that detailed above and/or in section 4. Your data will be held for up to six years after you cease to be a client of Ours – this ensures there is appropriate evidence in place if there is a claim for breach of contract made within the statutory limited periods.
Information you give us on our ‘Contact Us’ forms. Should you choose to contact us using the contact form on our Contact Us page, on any of Our Sites, your name and email address along with your request/enquiry will be stored by Our Sites which is hosted by DreamHost (see section 4). It will not be passed to nor processed by any other third party data processor other than those mentioned in section 4. The data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. This information is used to make contact with you and answer your enquires and will not be used for any other purposes. This data will be kept until you ask us to delete it.
Marketing with your consent
If you consent to join our mailing list we may use your data to contact you via email with information, news, updates and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR.
Your name and email address you submit when you consent to join our mailing list is forwarded directly to Campaign Monitor (see section 4). The email address that you submit will not be stored within Our Sites’ own databases or in any of our internal computer systems.
Your name and email address will remain within Campaign Monitor’s database for as long as we continue to use Campaign Monitor’s services.
If you are under 18 years of age you MUST obtain parental consent before joining our mailing list.
Other legitimate purposes
Providing and managing access to our Sites
Like most websites, Our Sites use Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our Sites, to better understand how they find and use our web pages and to see their journey through the websites. We consider Google to be a third party processor – see section 4.
Expressed interests or made a purchase of our products/services
If you have enquired or bought a product or service from us in the past we will use your name and email address provided at that time to reconnect with you and inform you of similar products, offers, discounts and keep you updated by email.
Your data will be held in Campaign Monitor (see section 4).
Your data will not be passed on to any other third parties, other than those detailed in section 4, nor used for any other purposes. Your name and email address will remain within Campaign Monitor’s database for as long as we continue to use Campaign Monitor.
Annie Deadman Ltd retains records of all of its financial transactions with you for six years in order to comply with its legal obligations to maintain adequate accounting records. Annie Deadman Ltd may use (and disclose) the information it holds about you in order to comply with any investigative demand, court order, or a request for cooperation from law enforcement or other government agency.
Your right to withdraw consent
You have the right to withdraw your consent at any time. You can do this by unsubscribing using the unsubscribe links contained in any emails that we send you or emailing firstname.lastname@example.org to request your data to be deleted.
- How We Store Your Personal Information
All personal data is processed and stored securely and kept as detailed in sections 2 and 4. We will comply with Our obligations and safeguard your rights under the GDPR at all times.
- Our Third Party Processors And The Data They Hold
We contract with third parties to supply services on Our behalf. These can include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein) with our Third Party Processors. You are deemed to accept and agree to this by using either or both of Our Sites and submitting information to Us. If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and GDPR.
Our current Third Party Processors are:
Google Analytics (GA) records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.
Campaign Monitor holds the following data; your name, your email address, your profile picture if you have set this up within your email provider, your IP address, your geographical location, the device you use to read our email on, the geographical location where and when you opened the email and which links within the email you clicked on.
Our Sites are hosted by DreamHost. They are located the United States. The website database is in their East Coast facility in Ashburn Virginia. Our email services run from their data centre in Los Angeles, California. They were selected as being reputable with strong security protocols. As such we have taken suitable measures to safeguard and secure data collected through Our Sites including;
- The use of strong passwords
- All traffic (transferral of files) between both of Our Sites and your browser is encrypted and delivered over HTTPS
- Our Sites are hosted on a Virtual Private Server (VPS). This type of hosting has its own operating system (OS) and resources and is more secure than standard shared hosting where we would be sharing a server OS and resources with other websites, whose security we would have no control over.
Survey Monkey holds your IP address, your email address (if you provide it, otherwise your response to the survey is anonymous) and your views/comments on our products and services.
- Disclosure Of Your Information
Subject to section 6, we will not share any of your data with any third parties, other than those referred to in sections 2 and 4, for any purposes.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
- What Happens If Our Business Changes Hands?
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
- Your Rights
You have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data;
- The right of access to the personal data we hold about you (see section 2); you have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details email@example.com, or using the contact details below in section 9.
- The right to rectification of any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 9);
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 2 but if you would like us to delete it sooner, please contact us using the details in section 9);
- The right to restrict (i.e. prevent) the processing of your personal data; when you submit personal data via Our Sites, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to us using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
- If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 9 and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
- Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
- Data Controller
The data controller of Our Sites is: Annie Deadman Ltd, a UK Private Limited Company with company number 04770329.
Whose registered and operating office is:
7 Priory Close
Hampton TW12 2QA
Person Responsible For Data Protection
Name: Stacey Mills
Title: Administration Manager
Email address: firstname.lastname@example.org
Annie Deadman Ltd
Updated October 2018