GDPR: DATA PRIVACY NOTICE FOR CLIENTS AND BUSINESS PARTNERS
At The Mind Gap, we respect your privacy and are committed to protecting the personal data that we obtain.
Please read the following carefully to understand our views and practices regarding your personal data and how it will be treated.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Who Am I?
I am Nicola Mapes, The Mind Gap coach and the data controller. This means I decide how your personal data is processed and for what purposes. My contact details are firstname.lastname@example.org
The Categories of Personal Data Concerned:
- Personal data: Name, address, telephone numbers and email addresses
- Special categories personal data: Alternate contact information, date of birth, gender, ethnicity, physical measurements or attributes, and other more detailed information about your lifestyle (including but not limited to: employment, preferences, habits, personal routine) in order to create a program account. Limited medical information about your health and well-being in order to better assess and develop a structured coaching program to help you meet your fitness and health goals.
- We will also require confirmation from you that your doctor has approved your following our program or, if you are not able to provide this confirmation, we will require that you sign a medical waiver, which will be supplied to you at the time of collection of your personal information.
- As a tool to help you assess your progress, The Mind Gap will ask you to upload photographs of yourself periodically and to provide your measurements, including girth measurements and weight (around once a month). Uploading of photographs is optional and you can request that they be anonymised. The measurement recording feature is similarly optional. You can choose to stop uploading photos or providing measurements at any time. Should you choose to upload photos or measurements, these photos will only be viewed by The Mind Gap coaching staff.
- To complete any online purchase you will also be asked to provide our third party payment service provider with:
  - your billing address
  - your shipping address (if different)
  - your payment details (e.g. credit card details)
- We may also obtain additional personal data, which could include special categories of personal data (i.e. personal data of a more sensitive nature), when you voluntarily supply information through our website, such as via our support and Live Chat feature or our Facebook community group.
- By interacting with us on social media platforms by way of “liking”, “following”, commenting, “retweeting” or “sharing”, you understand that you are consenting to our interaction with you.
Your Rights And Your Personal Data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which is held about you;
- The right to request to update or amend any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to request that your personal data is provided and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction be placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
Who We Share Your Data With
While we do not sell or share it with third parties, Precision Nutrition and The Mind Gap may, from time to time, conduct our own research on anonymised client data.
But this is only for those who opt in (at intake). Those who don’t opt in here are excluded from such analysis. So this part is completely in your control as the client.
When Will We Collect Personal Information From You?
We will collect information that you provide to us when you:
- register and create an account for any of our The Mind Gap Programmes;
- purchase any of our products;
- complete offers or surveys through the use of our services;
- send email messages, queries, or other information to us, including posting on our social media platforms.
Wherever possible, we collect personal information directly from you. Where applicable, we may also obtain information about you from other sources. That is, if you register for The Mind Gap Programme via a third-party social media network, you authorise The Mind Gap to collect from the third-party network the personal information you provided in your third-party network account so that we may pre-populate the registration and other relevant fields of your The Mind Gap user profile.
Your use of third-party networks remains subject to the terms and conditions and policies you have agreed to with such third-party network providers. For example, if you join The Mind Gap Facebook Group associated with your The Mind Gap programme, we and other users of Facebook may be able to view your profile and the posts you submit, depending on your privacy settings. Your use of third-party platforms remains subject to the terms and conditions and privacy policies of such platforms, such as Facebook’s Terms of Service and Data Policy.
Why Do We Collect And Use Your Personal Information?
We collect personal information from you to:
- Learn about you and your fitness goals and other related objectives to help you achieve them;
- Create a unique profile on our website in order to provide relevant and targeted offers to you;
- Send you products if you have purchased them;
- Better understand your preferences and tailor offers and services to you based on those preferences;
- Better understand our website usage and trends, to improve our service performance, and build knowledge around user attitudes and motivations around health and fitness;
- Process transactions for goods and services that you have purchased from us.
Our products and services are not intended for or available to children under the age of 18 years. If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us without consent of a parent or guardian, we ask that this be brought to our immediate attention. We will make it our priority to address this situation and delete information relating to a child as soon as practicable. In such an event, please contact us at email@example.com.
Disclosure of Your Personal Information
We do not sell, rent or otherwise disclose any additional personal information to any third-party to enable them to market their products and services. Any information provided to any other third-parties will only be provided at the aggregate or de-identified level such that no individual can be uniquely identified or linked to the information.
Under certain circumstances, The Mind Gap will disclose your personal information:
- when we are required or authorised by law to do so;
- when you have consented to the disclosure;
- when the services we are providing to you require us to give your information to a third-party, where your consent will be implied unless you tell us otherwise;
- to a potential successor to our business and its professional advisors in connection with a merger or sale involving all or part of our business or as part of a corporate reorganisation or stock sale or other change in corporate control;
- for the purpose of completing the transaction and continuing to provide services to you; or
- where it is necessary to establish or collect amounts owed to us.
Your Choices About Your Personal Information
At any time, if permitted by and subject always to the provisions of applicable data protection law, you can contact us to: stop receiving direct marketing (including emails and hard copy materials) from us; access your personal information; where we have asked for your consent to processing, to withdraw this consent; close your account; amend or update your personal information, where possible, to ensure that it remains accurate, complete and up to date; erase your personal information; restrict your personal information; port your personal information; or object to some processing that is based on our legitimate interests, by contacting us at firstname.lastname@example.org. You can always unsubscribe from receiving promotional emails from us by simply clicking the “unsubscribe” link provided at the bottom of every promotional email from us. We will honour your request within ten business days of receipt.
Please note that if you request that we erase certain of your personal information, we may no longer be able to provide you with the products or services you have contracted for. For example, if you request that we erase your log-in credentials, we will no longer be able to provide you with access to an online account on our website or app.
If you have questions about the withdrawal of your consent, please contact us at email@example.com.
If you contact us to do any of the things listed above, we may require you to provide sufficient personal information to allow us to identify you before disclosing the existence, use and disclosure of your personal information. The personal information so requested will only be used for the purpose of properly identifying you.
If you contact us about your personal information, we will respond to your request within the period required by law and at minimal cost or no cost to you in accordance with local laws. Summary information is available on request. More detailed requests that require archive or other retrieval costs may be subject to our normal administrative fees.
There may be instances where we cannot comply with your request to access your rights in respect of your personal information because of exceptions contained in local laws. For example, we may need to refuse access if denial of access is required or authorised by law; if access would interfere with the safety, health or privacy of others or if access would result in a breach of confidentiality.
We keep your personal information as long as is reasonably necessary for us to complete our dealings with you, or as may be required by law, whichever is longer. For example, we may retain your personal information after we have completed our dealings with you in the following situations: judicial proceedings, to comply with local laws respecting record retention and to comply with appropriate and adequate corporate record-keeping practices. As a result, we might not be able to comply with all requests to destroy personal information.
If we cannot comply with your request to exercise your rights in respect of your personal information, we will notify you in writing to explain why and, where applicable, provide you with the relevant sections of legislation dealing with the procedure to be followed should you wish to challenge our determination.
Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data are not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
Cookies and Website Analytics
How Google uses data when you use our partners’ sites or apps.
To learn how to opt-out of Google analytics, please visit your Google Ads settings or: https://tools.google.com/dlpage/gaoptout/.
- we process this information to understand how visitors use our Website and to compile statistical reports regarding that activity (for example, your IP address is used to approximate the country from which you access our Website, and we aggregate this information together so we know that, for example, most of the visitors to our Website come from England).
- this processing is crucial to the running of our online business and we therefore undertake such monitoring in the pursuit of our legitimate interests in improving our website and providing a better service and source of information to visitors.
This information is not used to develop a personal profile of you.
On our website, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimize our web service. We may provide aggregated information to third parties, but these statistics do not include any identifiable personal information.
Lawful Bases for Processing of Personal Information
We use the personal information we collect about you:
(a) to fulfil a contract, or take steps linked to a contract, in particular, in order to: provide you with our products and services, including their billing, payment processing, activation, supply, maintenance, support, troubleshooting, deactivation and upgrade or update as well as resolution of disputes over products and services; or enter into, and perform, an employment contract with you;
(b) where this is necessary for purposes which are in our, or third parties’, legitimate interests. These interests are:
- understanding and meeting your usage needs and preferences for our products and services notably by:
  - using information collected to ensure that our products and services are technically functioning as intended;
  - fulfilling or enforcing any agreements or notices that are associated with any of our particular products or services;
  - managing or responding to your inquiries;
  - identifying the features or products and services that are most valued and to identify gaps or shortfalls in our product and services offerings so we can develop new products and services and enhance existing ones;
- managing our business and operations, for example:
  - to detect, monitor, investigate, mitigate, or attempt to prevent fraud and technical or security issues or to protect our products, services and property;
  - to allow for business continuity and disaster recovery operations;
  - to enforce our legal rights;
  - for statistical purposes; and
- managing the recruitment process, in particular: making informed decisions on recruitment and ensuring your suitability for the role or to keep you in mind for future roles; answering your enquiries; and improving our recruitment processes and activities.
(c) to meet legal and regulatory requirements, all applicable laws and to respond to emergency situations, including:
- responding to court orders, warrants or other lawful requests or legal processes;
- detecting, preventing and suppressing unauthorized or detrimental use of our site, products or services; and
- providing emergency assistance in situations that may threaten the life or physical safety of you or others.
(d) where you give us your consent, for example:
- If you sign up for our free courses or resources, or you request to be added to our presale list to get early notification for when our programs open for registration, you are required to provide consent for us to process personal information in the form of your name, email address, and an optional SMS phone number. You consent by providing this information to us, and acknowledging the double opt-in confirmation. If at any time you wish to remove your name, email address, or SMS number from our system, you can unsubscribe from some or all messages from us by clicking the unsubscribe link, or by contacting us at firstname.lastname@example.org;
- If you register for our coaching programmes, we require explicit consent from you to process your personal information and sensitive data by affirmatively acknowledging your consent through ticking checkboxes in your program Intake Form. This includes consent for:
- The collection of potentially sensitive categories of data, like race/ethnicity and health-related data;
- Sending you daily or weekly email reminders of the next steps in the program, and when new messages or feedback arrives. You can start and stop delivery of these emails by changing a setting in the Your Info section of our application, and this will not affect our ability to deliver the contracted service;
- Collecting basic browser and operating system information to help us improve our products and services;
- Allowing your data to be used anonymously for research purposes;
- Recording your IP address to monitor and confirm access to our systems;
- Deriving and storing your time zone from an address you provide; and
- If you wish that we send to you information about similar products and services that we think may be of interest to you.
You may withdraw your consent at any time by contacting us using the details provided below.
Personnel, Supplies and Subcontractors
All financial transactions are handled directly by our third party payment service provider. We will not share any personal information with this third party provider, nor will we receive any of the financial information that you provide to them.
We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Website and services, taking into account the likelihood and severity those risks might pose to the rights and freedoms of our customers and other individuals who might be impacted.
In particular, we will take precautions to protect against the accidental or unlawful destruction, loss, or alteration, and unauthorised disclosure of or access to the personal data transmitted, stored or otherwise processed by us.
Please be aware that, while we make the security of our Website and your personal information a high priority and we devote considerable time and resources to implementing and maintaining robust information technology security, no security system can prevent all security breaches. By choosing to share your personal information with us, you accept the aforesaid and provide your information at your own risk.
Is My Personal Information Secure?
The Mind Gap takes all reasonable precautions to ensure that your personal information is kept safe from loss, unauthorised access, modification or disclosure. Among the steps taken to protect your information are:
- premises security;
- restricted file access to personal information;
- deploying technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access; and
- internal password and security policies.
Retention of Data
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary. Once the purpose for which information has been collected has been fulfilled, we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
Where you have provided us with personal information in order to purchase a plan and set up an account with us, we will retain those details for as long as your account remains active.
Where we obtain your personal data in relation to the use or purchase of our services or products, including VAT or invoicing information, we are obligated by law to keep this for a minimum of six years.
Where you engage in online discussions through the website, such as with our online coaches and support team or via the client log in area, this content will be kept on their servers indefinitely. To have this communication erased, please contact email@example.com
How To Make a Complaint
To exercise all relevant rights, queries or complaints please contact The Mind Gap on firstname.lastname@example.org
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.