Privacy Policy

Last updated: 27 Aug 2025

This Privacy Policy explains how The London Fit Club Ltd. (“the Company”, “we”, “us”, “our”) collects, uses, and safeguards personal data when you use our services. It also sets out your rights under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

The London Fit Club Ltd. is the “data controller” of your personal data. We decide how and why your data is used, although we rely on carefully selected third-party providers to process and store that data on our behalf.

Company details:
The London Fit Club Ltd.
Unit P Mandara Place, Yeoman Street, London, SE8 5FA

2. Information We Collect

We may collect and process the following categories of personal data:

  • Identity and Contact Data: name, email address, phone number, postal address.

  • Health, Disability and Behavioural Data (special category data): information provided by you, your parent/guardian, or your school, including medical conditions, injuries, disabilities, learning differences, or behavioural issues, where relevant to service delivery, safeguarding, or reasonable adjustments.

  • Account and Service Data: booking history, preferences, session notes, and programme records.

  • Payment Data: payments are processed through Barclaycard via TakePayments. We do not store or retain full card details.

  • Technical and Usage Data: IP address, browser type, device identifiers, website usage statistics (via cookies or analytics tools).

  • Youth Participant Data: emergency contact details, school information, mentorship/work placement details, and any safeguarding information disclosed.

3. Where and How Your Data Is Stored

We do not host customer data on local servers. Instead, data is securely stored using third-party processors, including:

  • Zanda Health – bookings, session records, therapy notes.

  • Phisitrack – rehabilitation and therapy programme delivery.

  • Microsoft 365 (Outlook/OneDrive/SharePoint) – secure communications and storage.

  • TakePayments/Barclaycard – payment processing.

All providers act as data processors under contract and must meet strict security standards.

4. Lawful Basis for Processing

We process personal data only where a lawful basis applies:

  • Contractual necessity – to provide requested services.

  • Legal obligation – to meet tax, regulatory, and safeguarding requirements.

  • Legitimate interests – to operate and improve our services, balanced against your rights.

  • Consent – for optional services such as marketing communications.

  • Special category data (health, disability, behavioural information) – processed under Article 9(2)(h) UK GDPR (health and social care) and, in safeguarding contexts, may also be processed under Article 9(2)(g) (substantial public interest). Where required, explicit consent will be obtained.

  • Children’s data – processed with parental/guardian consent.

  • Youth mentorship/work placements – processed under legitimate interests or contract, with parental/school authorisation for under-18s.

5. How We Use Your Data

We use personal data to:

  • Deliver training, therapy, and rehabilitation services.

  • Record session progress, therapy notes, and adjustments.

  • Provide safe and appropriate participation for children, youth, and vulnerable persons.

  • Process payments.

  • Communicate with you about services, bookings, or updates.

  • Provide youth mentorship and work experience placements.

  • Comply with safeguarding, regulatory, and insurance obligations.

6. Sharing of Data

We may share personal data with:

  • Service providers listed in section 3.

  • Professional staff and instructors delivering services.

  • Schools, parents, or guardians (for minors).

  • Regulators, insurers, or law enforcement (where required).

  • Business transferees (in mergers or acquisitions).

We do not sell personal data.

7. International Transfers

Where third-party providers transfer data outside the UK, we ensure appropriate safeguards such as adequacy regulations or UK-approved standard contractual clauses.

8. Data Retention

  • Adult records: 7 years after service ends.

  • Children’s health/therapy records: up to 25 years after birth or 8 years after treatment ends, whichever is longer.

  • Youth mentorship/work placements: 7 years after placement ends.

  • Financial/transaction records: minimum 6 years (legal requirement).

  • Safeguarding records: retained in line with statutory and insurance obligations.

9. Your Rights

You have rights under UK GDPR, including:

  • Access your data.

  • Correct inaccurate data.

  • Request erasure of data (where legally permissible).

  • Restrict or object to processing.

  • Receive a copy of your data (data portability).

  • Withdraw consent (where consent is the basis for processing).

Requests should be made to info@ldnfitclub.co.uk. Proof of identity may be required.

10. Complaints

You can raise concerns directly with us, or with the Information Commissioner’s Office (ICO):
www.ico.org.uk | 0303 123 1113

11. Security

We use appropriate technical and organisational measures to protect your data. All third-party providers are contractually bound to apply equivalent protections.

12. Children’s Data

We provide services to children only with parental or guardian consent.

  • We may collect personal and health data, including disabilities and behavioural issues, where necessary for safe service delivery.

  • Special category data is processed under Article 9(2)(h) (healthcare) and, if safeguarding applies, Article 9(2)(g) (substantial public interest).

  • Parents/guardians may request access, correction, or deletion of their child’s data (subject to professional/safeguarding obligations).

  • Records may be retained in accordance with statutory and professional requirements.

13. Youth Work Experience and Mentorship

We provide work experience and mentorship for young people.

  • Placements are arranged with school or parental/guardian consent.

  • Data collected may include contact details, emergency contacts, school details, and relevant health/disability/behavioural information.

  • Data is processed under legitimate interests (education/training delivery) or contract, with authorisation for under-18s.

  • Records are retained for 7 years after placement.

  • All placements are subject to our Safeguarding Policy.

14. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be published on our website and, where appropriate, notified to you directly.

15. Contact Us

The London Fit Club Ltd.
Unit P Mandara Place, Yeoman Street, London, SE8 5FA
Email: info@ldnfitclub.co.uk