Equip CrossFit is strongly committed to the security and protection of members’ personal information and we do our utmost at all times to ensure privacy. We take the security and privacy of our customers very seriously. We strive to conform to the UK and European Data Protection laws. We do not share any information with unrelated third parties (unless required to by law), nor do we collect or retain any information other than that necessary for us to provide our services to you.
We will uphold the 6 principles for data processing: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Storage limitation; Integrity & confidentiality (security), and Accountability. This policy aims to cover these principles.
There are two important roles regarding data use. These are:
Data Controllers– a person who (either alone, jointly or in common with other persons) determines the purposes for which, and the manner in which, any personal data is to be processed.
Data Processors– in relation to personal data, means any person (other than an employee of a data controller), who processes the data on behalf of the data controller. (“Processing”, in relation to information/data, means obtaining, recording or holding the information/data or carrying out any operation or set of operations on it, including; organisation, adaptation or alteration of the information/data, retrieval, consultation or use of the information/data, disclosure of the information/data by transmission, dissemination or otherwise making available, or alignment, combination, blocking, erasure or destruction of the information/data.
Under these definitions, Equip CrossFit is a data controller, and wodify is both a data controller and processor. Wodify have their own procedures for their responsibilities which conform to BS7799-3 where relevant, or other best practices to ensure compliance with UK data protection laws. Please visit wodify for more information on wodify.
At present, Equip CrossFit only process personal data for core business purposes and so are exempt from registering with the Information Commissioner’s Office (ICO) at this time. Should this change, this policy will be reviewed immediately.
We also ensure we obtain GDPR DPAs (Data Protection Agreements) from any company we use to process personal data, such as Mailchimp, Stripe, IZettle, etc.
What data do we collect?
If you email us or sign up for a service, or you contact us via our form, Equip CrossFit may obtain the following information: Name, Email Address, Address, and Phone Number
How do we obtain your data?
You directly supply Equip CrossFit with any data we collect. This is collected and processed when you register online and place an order for any of our products and services, voluntarily complete a customer survey or provide feedback on any of our products/services, or use/view our website via your internet browser’s cookies.
Equip CrossFit may also receive your data indirectly from Wodify Payments when a service is purchased (e.g., through , Wodify, PayPal etc). This may include Name, Email address, Address and service purchased.
How do we use this data?
We use members’ personal information only as necessary for us to provide our services to you. We do not share any information with unrelated third parties (unless required by law) nor do we collect or retain any information other than is required for the provision of our products or services. Information collected during the online registration process is stored securely and will be securely destroyed if it is no longer required by Equip CrossFit. Members may request details of personal information, which we hold under the Data Protection Act 1998 and General Data Protection Regulation 2016 (GDPR). A small fee may be payable but is not usually charged, unless the request is manifestly unfounded or excessive; or an individual requests further copies of their data following a request. In these cases, a reasonable fee for the administration costs of complying with the request will be payable. Copies of this information can be obtained by writing to us at firstname.lastname@example.org. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. We request all members check their details for accuracy annually and make any necessary changes. This includes re-completion of our waiver if any information has changed (e.g. address, phone number, medical conditions). Please note in order to receive emails from us, you need to ‘opt in’ to confirm your consent in order for us to comply with legal requirements. We require this to allow us to communicate with members effectively.
The data we collect is necessary to process your order, manage your account and email you as part of our update service. When your order is processed by our payment provider, wodify payments, it is possible that it may send your data to (and use the resulting information from) credit reference agencies and/or use their own software in order to prevent fraudulent purchases.
How do we store your data?
Equip CrossFit securely stores your data electronically.
Your data will be kept for a period of 1 year. Alternatively, you may email us at any time at email@example.com and ask us to delete your data. If you ask to be removed, we will delete your data manually unless you have an ongoing service with us, in which case we will email you to ask to you review and update your details as outlined above.
Security of information
Personal information collected by Equip CrossFit and our website firstname.lastname@example.org is stored in secure operating environments that are not available to the public. Security measures include strong, multiple password protected systems.
We will protect your personal information no matter where we process or store your data.
Equip CrossFit would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. Please email us at email@example.com to action this.
What are your data protection rights?
Equip CrossFit want to make sure you are fully aware of your data protection rights. As such, every user is entitled to the following:
The right to access – You have the right to request copies of your personal information from Equip CrossFit. We may charge you a small fee for this service, as detailed above, but usually do not.
The right to rectification – You have the right to request correction of any information you believe to be inaccurate, and completion of any information you believe to be incomplete.
The right to be informed – we cover this by the information included in this policy.
The right to erasure – You have the right to request that we erase your personal information under certain conditions.
The right to restrict processing – You have the right to request the restriction of processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to the processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Equip CrossFit transfers the data that we have collected to another organization, or directly to you, under certain conditions.
Rights relating to automated decision-making including profiling – You have the right to challenge and request a review of the procession provisions if you believe the rules are not being followed.
If you make a request, we have one month to respond. To exercise any of these rights please email us at firstname.lastname@example.org or write to us at: Unit 4 Brackenvale Business Park, 535-537 Saintfield Road, Belfast BT8 8ES. Any requests for personal information go straight to the Data Protection Officer for action under ERM028b Subject Access Request Procedure.
Data Protection Officer for Equip CrossFit: Jonathan Pedlow
Privacy policies of other websites
Please note that Equip CrossFit does provide links to other sites via our website, blog, Facebook and Instagram accounts, Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites, which are not governed by this statement. You should exercise caution and look at the privacy statement applicable to the website(s) in question. We also have no responsibility for the content of the linked website(s).
Where we engage third party contractors (e.g. coaches, presenters) to perform services for us, those third-party contractors may be required to handle your personal information. Under these circumstances, those third-party contractors must safeguard this information and must only use it for the purposes for which it was supplied, although we are not responsible for ensuring this. Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
Equip CrossFit makes use of third-party software to manage client payments, bookings and membership, provided by Wodify. Wodify has their own privacy and data security policy with regard to client information. You can access this information on their website www.wodify.com. We have ensured they are ICO registered and compliant with British Standard BS7799-3 as applicable.
CCTV is in operation at Equip CrossFit. Signs are displayed to make all visitors and members aware of this, in front of the reception area. There are currently 2 cameras in operation, one monitoring the car park / main entrance and the other monitoring the rear of the building. New members are made aware of the presence of CCTV within ERM015a New Member Welcome Pack.
The Data Protection Officer has shared this policy with all staff members, so everyone is aware of our requirements under the Data Protection Act, General Data Protection Regulation and other relevant legislation. All staff have been made aware how to handle personal data (in this case not to share with anyone at any time unless required to by Law), and that it is a criminal offence to do so.
There are various contacts available on Equip CrossFit’s website, any of which can be used as an access point to information and complaints in relation to our CCTV.
We have utilised Appendix 2 from the CCTV Code of Practice (published June 2013, last updated Oct 2014) to ensure our compliance with CCTV requirements. This can be found at the end of this policy, entitled “CCTV checklist”.
Equip CrossFit utilises Zoom for remote coaching sessions where necessary. Due to the nature of personal images, we will not share these on social media without express permission from participants. Permission is granted/denied via ERM015b PAR-Q and Waiver or ERM018b PAR-Q and Wavier (U18) as applicable.
Changes to our Policy
From time to time, it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time and should this occur, the amendment will be posted on our website and will be effective immediately. This policy was last reviewed 01/04/23.
Our business Terms and Conditions are also available on our website which outline how we use personal information. This is freely available information so anyone visiting our website can access it.
Should you wish to report a complaint, or you feel that we have not addressed your concern in an appropriate manner, you may contact the Information Commissioner’s Office.
Notification has been submitted to the Information Commissioner and the next renewal date recorded: Registration ZB110174, made 30/06/22. Renewal date 30/06/23
Named individual responsible for the operation of the system: Jonathan Pedlow
The problem we are trying to address has been clearly defined and installing cameras identified as the best solution. This decision is reviewed on a regular basis:
The CCTV is for capturing thefts and any incidents, and to back up staff if needed when working alone with a client. Reviewed annually for effectiveness.
A system has been chosen which produces clear images, which law enforcement bodies (i.e.the police) can use to identify crime. These can easily be taken from the system when required.
Cameras have been sighted so that they provide clear images and cover the biggest areas possible. They have been positioned to avoid capturing the images of people not visiting the premises.
As mentioned in the policy text, there are visible signs showing that CCTV is in operation.
Images are securely stored on the CCTV server and only authorised staff have access to them. They will not be shared with any third party with the exception of law enforcement bodies.
The recorded images are wiped monthly. This is automatically actioned by the system. From past events this has shown to just be enough for incidents to come to light (e.g. thefts). Any shorter and these incidents risk being missed.
The potential impact on individuals’ privacy has been identified when taking into account the use of the system. Cameras are sited to film only that which would be in plain sight, and the monitor location has also been chosen bearing this in mind.
Equip CrossFit Ltd knows how to respond to individuals making requests for copies of their own images, and to seek advice from the Information Commissioner as soon as such a request is made. Firstly, an offer for them to come and view the footage would be made, then a copy supplied if still requested. A third-party company (by means of a secrecy contract) would be used to blur out the faces of others if deemed necessary. Staff have been made aware it is a criminal offence to misuse CCTV footage
Regular checks are carried out to ensure the system is working properly and produces high quality images. Spiderwebs are cleaned off the external camera monthly, or more frequently if required and a signed record of this is kept (see ERM014a Cleaning & Maintenance Schedule). The CCTV viewing monitor is switched on at the start of each day to ensure the cameras are online and working properly. The date/time stamp is checked at least twice a year (accounting for daylight savings’ time) and the system is reviewed annually for effectiveness. The monitor is kept in a secure location away from public view.
In the future we plan to explore the Surveillance Camera Commissioner’s Third-Party Certification Scheme to evidence good practice.