If you have any further questions about our Privacy Policies, email us at firstname.lastname@example.org
1. WHO ARE WE?
This Service is operated by The Core Collective Health Limited “Core Collective”, which is a company registered in England and Wales with company number 08944434. Its registered office is at JOSHUA LEIGH & CO, Alpha House, 176a High Street, Barnet, Hertfordshire, EN5 5SZ.
2. COLLECTION AND USE OF PERSONAL INFORMATION
Our website collects personal information about you when you use a link or a contact form to send us an email. If, in that email or any attachment to the email, you voluntarily provide us with personally identifiable information about yourself, such as your name, email, address or telephone number, we will collect and store that personal information. By using that link or contact form you consent to us doing so.
This website is not intended for children and we do not knowingly collect data relating to children under the age of 18.
What data do we collect?
Information that we may collect from you or you provide to us includes:
Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes your email address, telephone number and postal address.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data includes your username and password, preferences, feedback and survey responses as well as information about the service providers you use and that you set up via our Service.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you do not wish to provide this information to us you should not use the Service. If you have already begun using the Service, you should stop using it immediately.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We collect information about your exercise activities and we consider that this is a Special Category of Personal Data to the extent that it relates to your health. We do so only in order to perform our obligations to you under your contract with us to provide the products and services you purchase from us.
Apart from as described above, we do not collect any other Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. CONTROL AND PROCESSING OF PERSONAL INFORMATION
We process personal data on behalf of our customers, who use our Service to gather information about an application made to them. However, when we, Core Collective, do this we do so as a Data Controller under UK data protection law. This means that we may make independent decisions about how personal information is processed in order to provide the Services to our users and customers. For example, we may store your personal information in our accounting and point of sale systems or customer relationship management software in order to record and process your personal data so as to be able to provide you with the Service that you have purchased from us.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Scroll down to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To provide our services:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
4. SHARING OF PERSONAL INFORMATION
It is necessary for the operation of our service for you or us to disclose your personal information to:
- our third party suppliers whose products and services we use to deliver the Service;
- employees and agents, and any current or future group companies and their employees and agents, for the purpose of communicating with you; AND
- anyone who may purchase any or all of our assets, including your personal information (we will contact you using the details you provide if there is any change in the person controlling your information).
As a result of us disclosing your personal information to any of the parties mentioned above, you consent to your personal information being held by us and additionally by the parties mentioned above for the purposes of providing the Service.
5. IP ADDRESSES AND COOKIES
6. SECURITY OF PERSONAL INFORMATION
We take the security and disclosure of personal information very seriously and as such we will not sell, trade, rent or otherwise provide personal information sent to us via the Service to any third parties save as set out in the table above. We may have to share your personal data with the third parties set out below:
- Internal Third Parties as set out in the Glossary
- External Third Parties as set out in the Glossary
We are mindful of the importance of upholding the security of information under our control. All data collected through our website that is stored electronically, is stored on secure servers, and we have stringent security and confidentiality procedures covering the storage and disclosure of such information, in accordance with UK and EU data protection law.
We endeavour to take all reasonable steps to protect the privacy of your personal information. However, we cannot guarantee the security of any personal information you disclose on-line. You accept the inherent security risks of providing information and transacting over the Internet, and will not hold us responsible for any breach of security, unless this is due to our negligence or wilful default.
7. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This generally means we will normally keep your personal data while you or your employer have an ongoing relationship with us.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. OTHER WEBSITES
Some websites that have links to and from our website from time to time may also use their own cookies. We have no access to, or control over these cookies, and you are advised to check the cookie policies on such other websites or to amend your website browser's settings with respect to cookies accordingly.
If you visit a website that has been linked to from our website, you should review the privacy and cookies policies of that website or service in order to understand how that website or service is using any personal information that they have collected.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please scroll down to the Glossary Section below to find out more about these rights:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Internal Third Parties
Other companies in the Core Collective Group who may be incorporated in the future and Dibs Technology, Inc who provide various IT and software product services and are based in the United States of America.
External Third Parties
Service providers acting as processors based in the EU who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time
where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
CORE COLLECTIVE – HOW WE CONTACT CUSTOMERS AND OTHERS
This page provides information about how we use and share personal data relating to our customer contacts and their representatives.
1. WHAT DO WE USE CUSTOMER PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about our customer contacts and their representatives.
We use personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items and blog posts. We would contact you for marketing purposes by email, telephone or post with your consent and would stop any such communication upon your request. You might also be contacted through any channel for other purposes – for example, as part of our ordinary relationship management activity and as necessary to deliver the Service.
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with our customers. This could include activities such as letting you know about product changes or planned maintenance activity, contacting you with billing enquiries, dealing with your enquiries, or asking you for feedback or about what sorts of products, services or classes you want us to develop.
Sometimes we might need to use your personal data to provide you with information, services and facilities that you have asked for. For example, if you ask us for a brochure for one of our products, more information about one of our gyms or information about any of our food or restaurant services.
Monitoring and improving our websites
We may use information such as how different people navigate around our websites, how long they spend on particular pages, whether they download any of our content (including product brochures, white papers and so on) or watch videos in order to help improve the user experience of our websites and your experience of them.
2. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA?
Generally speaking, we rely on your consent to make contact with you by email for marketing purposes. You can withdraw that consent and ask us to delete your information at any time by contacting us directly via email@example.com – please see section 6 below.
In relation to sensitive personal information, such as information about your visits to our gyms and any health information that you share with us or our employees or agents in the course of taking a class with us, we process this sensitive personal information only with your explicit consent. By providing that information in the course of using our Service, you are consenting to us doing explicity. You may revoke that consent at any time.
The United Kingdom’s data protection law also allows the use of personal data where the benefits (or “legitimate interests”) of doing so outweigh the possible negative implications for the relevant individuals. These are the grounds on which we usually rely when we use your information for anything other than making contact with you by email for marketing purposes with your consent.
In some circumstances, we may have other grounds to process personal data for example:
- Necessary for performance of a contract with the relevant individual, or to take steps for entering into a contract. For example, if you sign up to one of our products or services online or in one of our gyms, it will often be necessary for us to use your details in order to provide that product or service and you must consent to our use of your details to the extent required to provide that product or service in order to use that product or service.
- Necessary in order to comply with a legal obligation. For example, some regulators, government bodies and courts have powers to order us to provide personal information and, like any other organisation, we sometimes have to comply with their requests and we whilst we may make commercially reasonable efforts to defend personal information from unjustified regulatory or governmental access, we cannot make any guarantee about the extent to which we are able to do so.
3. WHO DO WE SHARE THE INFORMATION WITH?
Your personal data may be shared between the employees and agents of The Core Collective Health Limited to allow them to perform their job functions and current or future members of The Core Collective Limited’s group and their employees and agents.
We also provide your information to third parties who help us use it to deliver the service. For example:
- We use a third party booking and customer relationship management software provided by Dibs Technologies, Inc (“MindBody”) in order for you to book classes and to keep your details for future bookings as well as your preferences in relation to marketing.
- We also allow you to book through other third parties including ClassPass and others from time to time.
- We also use the credit card payment processing services provided by MindBody for taking online payments.
- We use a ‘PDQ’ terminal for processing credit card payments in our gyms and kitchens• We +use printing companies to produce and send personalised direct mail.
- Our database of personal data may be hosted by, but not accessible to, third parties on our behalf.These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations and we have taken contractual and operational steps to protect any personal data shared for these purposes with third parties.
4. WHERE IN THE WORLD IS THE INFORMATION SENT?
We are based in the United Kingdom, and will normally access and use your information from here. Mindbody has operations in the US and personal data may be accessed from there too. In the case of the United Kingdom, the use of the information in there is protected by European data protection standards. In providing the Service to you, we may transfer your personal data outside of the EU. By using the Service you consent to our doing so. When we do so we ensure that we have adequate contractual and procedural measures in place to protect any such transfers of personal data outside the EU.
5. FOR HOW LONG IS THE INFORMATION RETAINED?
We will normally keep your personal data while you have an ongoing relationship with us or if you have demonstrated an interest in our products and services within the past two years. You can request us to delete it earlier as explained in section 6.
6. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE INFORMATION THAT WE HOLD ABOUT YOU?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below.
Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it. From 25 May 2018, you also have a right to receive information in a portable format in certain circumstances.
Rectification: If you believe that the information that we hold about you is inaccurate or out of date, you have a right to get it corrected.
Withdrawal of consent / objection: Where we rely on your consent to use your personal data, you are free to withdraw that consent at any time. In any other cases, you can let us know that you object to us using your personal data (for example, if you do not want to receive marketing calls from us any more)
Deletion: If you want us to delete your personal data, you can ask us to do so at any time. (However, you may wish us to retain your basic details on a suppression file so that we do not subsequently contact you if we receive your details again in the future.)
Restriction: You can ask us to restrict our use of your personal data in some circumstances, such as while we are verifying whether the information is accurate. While the information is restricted, it can only be used for certain limited purposes such as bringing or defending legal claims, or protecting another person. It cannot be used or shared for ordinary purposes.
If you have any questions about our processing of personal information, or the rights set out in these Privacy Policies and how to exercise them you can write to:
The Data Protection Officer
The Core Collective Health Limited
45 Phillimore Walk,
Holland Park, London W8 4RZ
CORE COLLECTIVE – HOW YOUR ONLINE AND LOGIN DATA IS HANDLED
We maintain our servers in a highly secure server environment with 24 X 7 monitoring, surveillance and support to prevent unauthorized access and data security. Advanced security measures including firewalls, security guards and surveillance are taken to ensure the continued service and protection of our services from natural disaster, intruders and disruptive events.
2. PASSWORDS AND LOGIN CREDENTIALS
Your passwords and other login credentials may pass through Core Collective servers or those of its service provider partners, in particular our database and booking platform which is run by MindBody. When you enter this confidential information, it goes straight to the secure website.
Neither Core Collective’s employees nor any of its contractors or service provider partners can obtain or access your passwords or other login credentials entered by you. We will also never ask you for your passwords or other login credentials via mail, email or telephone or in any other unsolicited manner and you should not give them out to someone claiming to be from Core Collective who is asking for them.
3. INFORMATION WE COLLECT
Our Service collects, encrypts and securely transfers confidential, personal information. By accessing the Service and entering information required from time to time to complete a form on our website or in our Service customers consent to Core Collective providing this service to service provider partners, such as MindBody. We may store this confidential, for so long as you are actively involved with the Core Collective and then for a period of 2 years after you have ceased to use our Services.
We collect and log aggregate user statistics and website traffic. Such information includes traffic statistics, date and time of visits, device and browser type used to access the service, frequency of visits, etc. We use this information to improve the services delivered to our customers, to track and diagnose software performance problems and to administer our website. We may disclose such aggregated user statistics in order to describe our services to prospective partners, investors, affiliates and other third parties for lawful purposes.
If you have any further questions about our Privacy Policies, email us at firstname.lastname@example.org.
1. WHAT ARE COOKIES?
A cookie is a small file of letters and numbers that we put on your device when you browse our website.
The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors to our website and to see how visitors move around the website. This helps us to provide visitors with a better experience and improve the way our websites work, for example by ensuring that visitors are finding what they are looking for easily.
Our cookies are not used to collect information which (by itself) allows us to identify who you are.
3. HOW TO CONTROL COOKIES
Most web browsers allow some control of most cookies through the browser settings. For more information on this, and more information about cookies in general, you may wish to visit www.aboutcookies.org. For information about how to delete cookies from your mobile device you may need to refer to your handset manual.
Please be aware that restricting cookies is likely to affect your ability to use our websites effectively and may make areas of our websites inaccessible or inoperable.
You can find more information about cookies here: www.allaboutcookies.org.