United Fitness Brands and its subsidiaries are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, events, over the phone, through our mobile applications, websites and social media platforms.
Any reference to United Fitness Brands includes United Fitness Brands as well as its subsidiaries; Boom Spin Ltd, Barrecore Ltd, KOBOX Ltd and triyoga Ltd.
2 The information we collect and when
We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The type of information that we will collect on you, and you voluntarily provide to us on this [website/form/service] includes:
Method of finding out about United Fitness Brands’ Companies
Preferred Studio location(s)
Purchase, class and communication history
We may, in further dealings with you, extend this information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.
You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a user of United Fitness Brands in an efficient and effective manner.
The legal basis for processing your data is based on your specific consent as well as legitimate interest that we will have stated at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.
3 How we use your information
To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
Make available our products and services to you;
Process your orders;
Take payment from you or give you a refund;
Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously;
For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use independent research and feedback providers to act on our behalf;
To power our security measures and services so you can safely access our website and mobile apps;
Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
Contact you about products and services from us;
Provide you with online advertising and promotions; and
Help answer your questions and solve any issues you have.
4 Who we might share your information with
We may share your personal data with other organisations in the following circumstances:
If the law or a public authority says we must share the personal data;
If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
We use the following third party data processors who are based outside the UK and the EU. We have determined the processing and transfer of this data to be adequate.
MailChimp – We use MailChimp to send communications and store your sign-up/opt-in data for all promotional emails. Your data is stored safely and securely and will not be shared with any third party directly from MailChimp. You can opt-out of these emails at any time by clicking the unsubscribe link at the bottom of every email
5 How we keep you updated on our products and services
We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously consented to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.
If you wish to amend your marketing preferences, you can do so by logging into your account or unsubscribing from the marketing email.
6 How we keep you updated on our products and services
6.1.1 Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
6.1.2 Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
6.1.3 Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
6.1.4 For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
7 How long we keep your information for
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 7 years after your last class, at which point it will be deleted.
8 Giving your reviews and sharing your thoughts
When using our websites or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
Data security is of great importance to United Fitness Brands and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
Implementing access controls to our information technology
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
Never asking you for your passwords;
Advising you never to enter your account number or password into an email or after following a link from an email.
10 How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: email@example.com
What Are Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
The Cookies We Set
This site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, Twitter, Instagram, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
1.1 Some United Fitness Brands locations have in place a CCTV surveillance system, “the system” within internal and external locations. Images are monitored and recorded centrally and will be used in strict accordance with this policy. The system is owned by United Fitness Brands.
1.2 The Heads of Studio Managers have initial responsibility for the operation of the system and for ensuring compliance with this policy and the procedures documented. They may be contacted as follows:
Kelby Campbell Kara Alberts Kat Ince
firstname.lastname@example.org email@example.com Kat@barrecore.co.uk
In the absence of the Studio Manager this responsibility transfers to Robert Rowland. Who may be contacted as follows:
General Data Protection Regulations: CCTV digital images, if they show a recognisable person, are personal data and are covered by the General Data Protection Regulations. This Policy is associated with the United Fitness Brands General Data Protection Policy, the provisions of which should be adhered to at all times.
2. The system
2.1 Systems in United Fitness Brands
2.1.1 - In Boom Cycle Battersea There are 5 cameras in total, 4 internal and 1 external with night zoom. No monitor screens are present, the feed can only be accessed via an app with restricted access to only two users with unique log-in credentials. Two signs are visible, one is located in the main reception area and the other on the shopfront.
2.1.2 – In KOBOX there are
2.2 Cameras will be located at strategic points on the complex. No camera will be hidden from view. A list of locations is given at Appendix 1.
2.3 Signs will be prominently placed at strategic points and at entrance and exit points of the studio to inform staff, visitors, and members of the public that a CCTV installation is in use.
2.4 Although every effort has been made to ensure maximum effectiveness of the system it is not possible to guarantee that the system will detect every incident taking place within the area of coverage.
3. Purpose of the system
3.1 The system has been installed by United Fitness Brands with the primary purpose of reducing the threat of crime generally, protecting United Fitness Brands premises and helping to ensure the safety of all United Fitness Brands staff and visitors consistent with respect for the individuals’ privacy. These purposes will be achieved by monitoring the system to:
• Deter those having criminal intent
• Assist in the prevention and detection of crime
• Facilitate the identification, apprehension and prosecution of offenders in relation to crime and public order
• Facilitate the identification of any activities/event which might warrant disciplinary proceedings being taken against staff and assist in providing evidence to managers and/or to a member of staff against whom disciplinary or other action is, or is threatened to be taken.
• In the case of staff to provide management information relating to employee compliance with contracts of employment.
The system will not be used:
• To provide recorded images for the world-wide-web.
• To record sound other than in accordance with the policy on covert recording.
• For any automated decision taking
3.2 Covert recording
3.2.1 Covert cameras may be used under the following circumstances on the written authorisation or request of Robert Rowland and where it has been assessed re: General Data Protection Regulations by the DPO
• That informing the individual(s) concerned that recording was taking place would seriously prejudice the objective of making the recording; and
• That there is reasonable cause to suspect that unauthorised or illegal activity is taking place or is about to take place.
3.2.2 Any such covert processing will only be carried out for a limited and reasonable period of time consistent with the objectives of making the recording and will only relate to the specific suspected unauthorised activity.
3.2.3 The decision to adopt covert recording will be fully documented and will set out how the decision to use covert recording was reached and by whom.
4. Monitoring of images
4.1 Images captured by the system will be recorded twenty-four hours a day throughout the whole year. Monitors may be present onsite. Recordings will be stored locally on a hard drive located with the site communications equipment.
4.2 No unauthorised access to recordings will be permitted at any time. Access will be strictly limited to the Studio Manager, Co-founders, police officers and any other person with statutory powers of entry. A list of those members of staff authorised to access the recordings via the app is given at Appendix 2.
4.3 Staff, guests and visitors may be granted access on a case-by-case basis and only then on written authorisation from the DPO. In an emergency and where it is not reasonably practicable to secure prior authorisation, access may be granted to persons with a legitimate reason to access the recordings.
4.4 Before allowing access to recordings, staff will satisfy themselves of the identity of any visitor and that the visitor has appropriate authorisation. All individuals will be required to complete and sign the access’ log, located in the studios GDPR folder which shall include details of their name, their department or organisation they represent, the person who granted authorisation and the times of access, this will also include any visitors granted emergency access.
5.1 All staff working will be made aware of the CCTV images and recordings and associated policy. The DPO/Studio Manager will ensure that all staff are fully briefed and trained in respect of the functions, operational and administrative, arising from the use of CCTV.
6.1 Digital recordings are made using digital video recorders operating in time lapse mode. Incidents may be recorded in real time.
6.2 Images will normally be retained for 31 days from the date of recording, and then automatically over written and the Log updated accordingly.
7. Access to images
7.1 All access to images will be recorded in an Access Log
7.2 Access to images will be restricted to those staff need to have access in accordance with the purposes of the system. A list of such staff is given at Appendix 2.
7.3 Access to images by third parties
7.3.1 Disclosure of recorded material will only be made to third parties in strict accordance with the purposes of the system and is limited to the following authorities:
• Law enforcement agencies where images recorded would assist in a criminal enquiry and/or the prevention of terrorism and disorder
• Prosecution agencies
• Relevant legal representatives
• The media where the assistance of the general public is required in the identification of a victim of crime or the identification of a perpetrator of a crime
• People whose images have been recorded and retained unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings.
• Emergency services in connection with the investigation of an accident.
7.4 Access to images by a subject
CCTV digital images, if they show a recognisable person, are personal data and are covered by the General Data Protection Regulations. Anyone who believes that they have been filmed by CCTV is entitled to ask for a copy of the data, subject to exemptions contained in the Regulations. They do not have the right of instant access.
7.4.1 A person whose image has been recorded and retained and who wishes access to the data must apply in writing to the DPO. Subject Access Requests can be made via email firstname.lastname@example.org. A response will be provided promptly and in any event within 1 month of receiving the request.
7.4.2 The General Data Protection Act gives the DPO the right to refuse a request for a copy of the data particularly where such access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders.
7.4.3 If it is decided that a data subject access request is to be refused, the reasons will be fully documented and the data subject informed in writing within 1 month, stating the reasons.
8.1 It is recognised that some Data Subjects may have concerns or complaints about the operation of the system. Any complaint should be addressed in the first instance to the DPO at email@example.com or Boom Cycle Battersea, 1&3 Arches Lane, London, SW11 8AB.
Concerns or enquiries relating to the provisions of the General Data Protection Regulations and/or The Data Protection Act 2018 may also be addressed to the DPO. These rights do not alter the existing rights of anyone under any relevant grievance or disciplinary procedures.
9. Data breach
9.1 A “Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”
9.2 In the event that a data breach occurs, a thorough assessment of the breach will be made immediately by the Incident Response Team (IRT), comprised of the DPO as well as Kelby Campbell (Studio Manager) and Robert Rowland (Co-founder).
9.3 Immediate steps will be taken to ensure that the breach is contained and the effects of the breach minimised and mitigated as much as possible.
9.4 If the data breach is deemed by the IRT to be reportable to the Information Commissioner’s Office, the ICO will be notified within 72 hours of the discovery of the breach. The ICO can be informed via their website at: https://ico.org.uk/for-organisations/report-a-breach/ or by telephone: 0303 123 1113
9.5 In the case of a serious breach, Data Subjects whose data has been affected will be notified, in writing.
10. Compliance monitoring
10.1 The contact point for staff or members of the public wishing to enquire about the system will be the DPO by pre-arranged appointment.
10.2 Upon request enquirers will be provided with:
• A summary of this statement of policy
• An access request form if required or requested
• A subject access request form if required or requested
• A copy of the United Fitness Brands complaints procedures
10.3 All documented procedures will be kept under review and a report periodically made to senior management.
10.4 The effectiveness of the system in meeting its purposes will be kept under review and reports submitted as required to senior management.
Thank you for taking the time to read our CCTV Policy.
United Fitness Brands
This Policy was last updated on the 09th of April 2022.
External camera – exact location required e.g. outside main entrance
Shake bar area
Corridor between studios
Bench waiting area by Room 2
0203 034 0711
0203 034 0711
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.
However if you are still looking for more information then you can contact us at firstname.lastname@example.org.
United Fitness Brands
This Policy was last updated on the 09th of April 2022
Download our Health Commitment Statement.