Trainer Pulse takes the protection of Customer data very seriously. Trainer Pulse has various policies and systems in place to enforce the safety of Customer data and the privacy of its clients.
In the course of business activities, Trainer Pulse, receives and processes information about the Customers (Fitness Professionals) of the service and their Clients who, access Trainer Pulse through the Customers.
1.1 Policy review
Trainer Pulse may review and amend this policy from time to time as it thinks fit, and will review it on at least an annual basis.
2. Data protection principles
Under Data Protection Legislation, Trainer Pulse is responsible for ensuring that personal data is held and processed in accordance with the data protection principles within the Data Protection Legislation. In summary, these principles are that personal data:
Trainer Pulse seeks consent through a positive opt-in. Customers are presented with an unchecked box prior to sign up - here Customers have access to Trainer Pulse’s Data Protection Policy, Terms and Conditions.
In the event a Customer ticks the box and creates a Trainer Pulse account this will be deemed as consent to all of the policies and terms mentioned.
4. Information we collect
4.1 Personal Information
Trainer Pulse collects the necessary data from its Customers to fulfill its business obligations. The personal data Trainer Pulse process includes:
We declare that we will only use this information to:
We do not sell or trade Customer information. However we do share certain data with our trusted sub processors which assist Trainer Pulse in providing its service to the Customers these are listed in section 8.
4.2 Information Collected for others
5. Retention of data
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
6. Rights of Individuals
6.1 Data subject access requests
Individuals are entitled to access their personal data held by Trainer Pulse on request, this request will be processed within one month. Trainer Pulse will maintain a record of data subject access requests.
6.2 Right to be forgotten
Individuals have the general right to require Trainer Pulse to erase all data held in respect of them in various circumstances. The circumstances include if the individual withdraws consent to processing the data, the retention no longer being necessary for the original purpose for which it was collected and there is no other legitimate ground to justify the processing (see section 3 above). However, Trainer Pulse need not delete the data if an exception applies, including that the processing is necessary to comply with a legal obligation.
6.3 Right to rectification
Individuals have the right to have incorrect personal data about them corrected without undue delay. Trainer Pulse endeavours to have its data as up to date and correct as possible. Where an error is discovered, Trainer Pulse already corrects this as soon as possible.
6.4 Right to data portability
Individuals have the right, in certain circumstances, to access their data in machine-readable format. In the event of a request Trainer Pulse will endeavour to provide data in a timely manner and will provide advice to streamline to transition.
6.5 Breach notification
In the unlikely event there is a data breach Trainer Pulse will notify Customers within 72 hours of becoming aware of the breach. Trainer Pulse will keep a record of any data breaches.
6.6 Requests and complaints
In the event a Customer requests data or wishes to complain they are advised to email firstname.lastname@example.org - Receipt will be acknowledged within 7 days. The request itself will be actioned as soon as possible. The Customer will be advised throughout the process.
7. Security of data
Data stored in the Trainer Pulse database is encrypted using SSL as are its backups. All data is stored on secure servers provided by GoDaddy.
7.1 Access to Trainer Pulse data
User access to Trainer Pulse’s systems will be controlled with a best practice “strong” password policy, which includes password complexity and renewal period rules. Access to application software will be controlled with two factor authentication rules.
7.2 Data security by Employees
The employees all have responsibility to ensure that in performing their duties they do not endanger the safety and security of personal data Trainer Pulse holds and processes and at all times act in an appropriate manner concerning the Data Protection Legislation generally and their individual obligations. All Trainer Pulse employees will undertake mandatory formal training on data protection (and other issues) at suitable intervals and other training as Trainer Pulse considers appropriate.
8. Use of Data Processors
8.1 Trainer Pulse shall ensure that it has a written contract which meets the requirements of GDPR in place with each data processor to which it may pass personal data to be processed. In particular, Trainer Pulse will expect each data processor to guarantee that it will meet the requirements of GDPR and will protect clients’ and other individuals’ rights.
8.2 Before engaging a new data processor, Trainer Pulse will check that:
8.3 Trainer Pulse will seek appropriate assurances from each data processor as to the security arrangements it has in place. This may take the form of:
8.4 Trainer Pulse recognises that its data processors may wish to sub-contract some services, which may include sub-contractors processing data on behalf of the data processor. Trainer Pulse will ensure that its contract with a data processor wishing to do this will contain provisions concerning sub-contracting which meet the requirements of GDPR.
Trainer Pulse sub-processors:
Trainer Pulse does not store any credit card data for recurring billing. This is processed securely with Stripe.
This policy is adopted by Trainer Pulse as of 24th May 2018