What is GDPR?
The GDPR stands for General Data Protection Regulation. It is the new European Union (EU) legislation that updates and reforms the laws that address the handling of personal data.
It applies to the personal data of everyone in EU regardless of where the information is collected, stored or processed.
Bootcamp Ireland will always get consent from our members to store and use personal information. As we collect personal data from you, we will provide our members and clients giving the data, a clear description about what the information will be used for.
The GDPR states It must be as easy to withdraw the consent as it is to give it, for further information on how to do this, click here to contact us.
Bootcamp Ireland collects personal identifiable information such as :
Name and Date of Birth
E-mail address & Physical Address
Membership number & Telephone Contact
Website Visit information
IP-addresses & Billing details
Client Health and progress data
What do we do with this data?
As we collect the data about our members, we are designated as a data controller under GDPR – this means that we determine the purpose and means of processing the data for our business needs.
Information that we receive is used to create membership accounts for Bootcamp Ireland, using Mindbody Customer management software who are the data processors. The data allows tracking of membership usage, class bookings, payments and various other information.
Other data collected by Personal trainers are used to keep track of members progression and fitness activities.
Collecting this data helps us understand what you are looking from the company, enabling us to deliver improved products and services.
Specifically, we may use data:
· For our own internal records.
· To improve the products and services we provide.
· To contact you in response to a specific enquiry.
· To customise the website for you.
· To send you promotional emails about products, services, offers and other things we think might be relevant to you.
· To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you.
· To contact you via email, telephone or mail for market research reasons.
Under Article 28 of the regulation we have a responsibility to implement appropriate technical and organisational measures to demonstrate that when you collect personal data, it is processed in a manner compliant with the requirements of the GDPR.
Rights of Data Subjects:
You have the right to know how you can access, correct and delete the information we have collected about you. Individuals have the right to object to direct marketing and in certain situations the processing of personal data and also the right to be forgotten where there is no reason for retaining their details.
Data Security and Privacy by design:
IT systems must minimize the risks of unauthorized access to and/or loss of personal data. They should also be designed to process and store only that information which is required to fulfill the purpose for which it was collected.
The MIndbody website uses multi layered encryption to ensure all data is safe and secure. Any information sent to us through contact forms, feedback as well as questionnaires is also encrypted.
Data Breach Notification:
Businesses and organisations must report security breaches related to data privacy within 72hrs, and individuals have the right to be notified if a breach puts their rights and security at risk.