Data Protection Policy
Trainer Pulse takes the protection of Customer data very seriously. Trainer Pulse has various policies and systems in place to enforce the safety of Customer data and the privacy of its clients.
In the course of business activities, Trainer Pulse receives and processes information about the Customers (Fitness Professionals) of the service and their Clients, who access Trainer Pulse through the Customers.
1.1 Policy review
Trainer Pulse may review and amend this policy from time to time as it thinks fit, and will review it on at least an annual basis.
2. Data protection principles
Under Data Protection Legislation, Trainer Pulse is responsible for ensuring that personal data is held and processed in accordance with the data protection principles within the Data Protection Legislation. In summary, these principles are that personal data:
- (a) should be processed lawfully, fairly and in a transparent manner;
- (b) should be collected for specified, explicit and legitimate purposes, and must be processed in accordance with those purposes;
- (c) should be adequate, relevant and limited to what is actually necessary for the legitimate purpose for which it is collected;
- (d) must be accurate and kept up to date;
- (e) will be stored for no longer than is necessary and in a form that permits identification of data subjects;
- (f) must be processed in a lawful manner; and
- (g) shall be subject to appropriate security and safety measures.
Trainer Pulse seeks consent through a positive opt-in. Customers are presented with an unchecked box prior to sign-up; here Customers have access to Trainer Pulse’s Data Protection Policy, Terms and Conditions.
In the event a Customer ticks the box and creates a Trainer Pulse account, this will be deemed as consent to all of the policies and terms mentioned.
4. Information we collect
4.1 Personal Information
Trainer Pulse collects the necessary data from its Customers to fulfill its business obligations. The personal data Trainer Pulse processes includes:
- Phone Number
- Browser Type
We declare that we will only use this information to:
- Provide our service to our Customers
- Send relevant emails - new Customer onboarding, product updates and Customer service responses
We do not sell or trade Customer information. However, we do share certain data with our trusted sub-processors, which assist Trainer Pulse in providing its service to the Customers. These are listed in section 8.
4.2 Information Collected for others
5. Retention of data
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
6. Rights of Individuals
6.1 Data subject access requests
Individuals are entitled to access their personal data held by Trainer Pulse on request. Such a request will be processed within one month. Trainer Pulse will maintain a record of data subject access requests.
6.2 Right to be forgotten
Individuals have the general right to require Trainer Pulse to erase all data held in respect of them in various circumstances. The circumstances include if the individual withdraws consent to processing the data, the retention no longer being necessary for the original purpose for which it was collected and there is no other legitimate ground to justify the processing (see section 3 above). However, Trainer Pulse need not delete the data if an exception applies, including that the processing is necessary to comply with a legal obligation.
6.3 Right to rectification
Individuals have the right to have incorrect personal data about them corrected without undue delay. Trainer Pulse endeavours to have its data as up to date and correct as possible. Where an error is discovered, Trainer Pulse corrects it as soon as possible.
6.4 Right to data portability
Individuals have the right, in certain circumstances, to access their data in machine-readable format. In the event of a request, Trainer Pulse will endeavour to provide data in a timely manner and will provide advice to streamline the transition.
6.5 Breach notification
In the unlikely event there is a data breach, Trainer Pulse will notify Customers within 72 hours of becoming aware of the breach. Trainer Pulse will keep a record of any data breaches.
6.6 Requests and complaints
In the event a Customer requests data or wishes to complain, they are advised to email firstname.lastname@example.org. Receipt will be acknowledged within 7 days. The request itself will be actioned as soon as possible. The Customer will be advised throughout the process.
7. Security of data
Data stored in the Trainer Pulse database is encrypted using SSL as are its backups. All data is stored on secure servers provided by GoDaddy.
7.1 Access to Trainer Pulse data
User access to Trainer Pulse’s systems will be controlled with a best practice “strong” password policy, which includes password complexity and renewal period rules. Access to application software will be controlled with two-factor authentication rules.
7.2 Data security by Employees
The employees all have responsibility to ensure that in performing their duties they do not endanger the safety and security of personal data Trainer Pulse holds and processes and at all times act in an appropriate manner concerning the Data Protection Legislation generally and their individual obligations. All Trainer Pulse employees will undertake mandatory formal training on data protection (and other issues) at suitable intervals and other training as Trainer Pulse considers appropriate.
8. Use of Data Processors
8.1 Trainer Pulse shall ensure that it has a written contract which meets the requirements of GDPR in place with each data processor to which it may pass personal data to be processed. In particular, Trainer Pulse will expect each data processor to guarantee that it will meet the requirements of GDPR and will protect clients’ and other individuals’ rights.
8.2 Before engaging a new data processor, Trainer Pulse will check:
- (a) the geography and location of the data processor and where the personal data will be processed;
- (b) that the data processor has appropriate technical and organisational measures in place to keep personal data secure; and
- (c) that the data processor's staff who will be engaged in processing personal data in relation to the Scheme are subject to a duty of confidentiality and are aware of data protection matters and their obligations.
8.3 Trainer Pulse will seek appropriate assurances from each data processor as to the security arrangements it has in place. This may take the form of:
- (a) for an existing data processor, a short summary of its key data security measures;
- (b) for a new data processor, before entering into a new contract, a short statement of its key data security measures; and
- (c) subsequent confirmation from each continuing data processor every 36 months of what, if any, changes there have been to its security arrangements.
8.4 Trainer Pulse recognises that its data processors may wish to sub-contract some services, which may include sub-contractors processing data on behalf of the data processor. Trainer Pulse will ensure that its contract with a data processor wishing to do this will contain provisions concerning sub-contracting which meet the requirements of GDPR.
Trainer Pulse sub-processors:
Trainer Pulse does not store any credit card data for recurring billing. This is processed securely with Stripe.
This policy is adopted by Trainer Pulse as of 24th May 2018