Privacy policy.

Litheform Privacy Policy (This policy was last updated: [01/09/2025] and is effective from [01/09/2025])

1. Who I am and how to contact me

  • I am Ruth Phelps, trading as Litheform, and I am the Data Controller for your personal data.

  • My business is a personal training and wellness coaching service.

  • You can contact me about data protection by emailing me at info@litheform.co.uk.

2. The purpose of this privacy policy This policy explains how I collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also outlines your rights in relation to your data.

3. What personal data I collect I only collect personal data that is necessary for the purposes outlined in this policy.

  • Contact Information: Your name, email address, and phone number.

  • Health and Fitness Information: Your responses to the Physical Activity Readiness Questionnaire (PAR-Q), any other health information you voluntarily provide, and your fitness goals and progress tracking data (e.g., weight, measurements, and session notes). This is considered special category data under UK GDPR.

4. The lawful basis for processing your data I must have a lawful reason for collecting and using your data. My lawful bases are:

  • Performance of a Contract: I need your contact information to manage our personal training contract, including scheduling sessions, sending invoices, and communicating with you about my services.

  • Explicit Consent: I can only process your sensitive health and fitness information with your explicit consent. I will ask you to provide this consent when you complete my health questionnaire and sign our client contract. You have the right to withdraw your consent at any time.

5. How I use your data I use your personal data for the following purposes:

  • To provide you with safe and effective personal training and coaching services.

  • To create a personalized training plan and track your progress.

  • To manage our sessions and appointments.

  • To comply with my legal obligations, including those related to tax and insurance.

6. How I store and secure your data I am committed to protecting your personal data and have implemented security measures to prevent unauthorised access or loss.

  • Digital Data: All digital data, including your health forms and session notes, is stored on a secure, password-protected Google Workspace business account. This account is protected by two-factor authentication.

  • Physical Data: Any physical copies of your signed contracts or forms are stored in a locked filing cabinet that is only accessible by me.

7. Who I share your data with I will not share your personal data with any third parties without your explicit consent, unless required to do so by law.

8. Your data protection rights Under UK GDPR, you have several rights in relation to your personal data. You can:

  • Request a copy of your data (a "Subject Access Request").

  • Ask for your data to be corrected if it is inaccurate.

  • Ask for your data to be deleted (the "right to be forgotten").

  • Object to me processing your data.

  • Withdraw your consent at any time.

To exercise any of these rights, please contact me using the details in Section 1.

9. How long I keep your data I will not keep your personal data for longer than is necessary. I will retain your records for 6 years after your last training session to comply with my legal, financial, and insurance obligations. After this period, your data will be securely and permanently deleted or shredded.

10. How to complain If you are unhappy with how I have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can find more information on their website at www.ico.org.uk.