Forge and Flow Fitness

Forge and Flow Fitness is a modern fitness studio based in England, focused on strength, mobility and sustainable health. We combine evidence-based training, personal coaching and supportive community to help busy people build a strong, resilient body without burning out or wasting time on random workouts.

Privacy Policy

Last updated: [insert date]

  1. Introduction Forge and Flow Fitness ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with us, including when you visit our website, use our services, or contact us in any way.

We operate in England and process your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

  1. Who we are Company name: Forge and Flow Fitness
    Category: Fitness
    Region: England

We provide fitness-related services which may include, for example, personal training, group classes, online coaching, fitness content, and related wellness offerings.

  1. Personal data we collect The types of personal data we may collect include:

3.1 Information you provide directly

  • Contact details: name, email address, telephone number, postal address.
  • Account information: username, password or other login details (if you create an account with us).
  • Profile information: date of birth, gender, fitness goals, interests, preferences.
  • Health and fitness information: relevant medical history you choose to share, injury information, exercise limitations, and other details required to tailor fitness programs safely.
  • Payment and billing details: billing address, transaction details (payment card details are typically processed by secure third-party payment providers and not stored in full by us).
  • Communications: information you provide in emails, messages, forms, feedback, surveys, or when you contact us by phone or via social media.

3.2 Information we collect automatically When you visit our website or use our online services, we may automatically collect:

  • Usage data: pages visited, time and date of visits, time spent on pages, clicks, navigation paths.
  • Technical data: IP address, browser type and version, device identifiers, operating system, and other technical information.
  • Cookies and similar technologies: information collected through cookies, web beacons, pixels, and similar tools (see "Cookies" section below).

3.3 Information from third parties We may receive personal data about you from:

  • Payment processors and booking platforms.
  • Social media platforms, when you interact with our profiles or use social logins.
  • Partners or referrers who help us provide our services.
  1. How we use your personal data We use your personal data for the following purposes, on the basis of the legal grounds set out below:

4.1 To provide and manage our services

  • To create and manage your account.
  • To deliver fitness and wellness services, including personal training plans, classes, and online content.
  • To tailor programs to your goals, preferences, and health information.
    Legal basis: performance of a contract; legitimate interests; and, where required, your explicit consent for health-related data.

4.2 To communicate with you

  • To respond to your enquiries and support requests.
  • To send you important service information, such as updates, confirmations, or changes to our terms.
    Legal basis: performance of a contract; legitimate interests.

4.3 Marketing and promotions

  • To send you newsletters, offers, and information about classes, events, and new services that may be of interest.
  • To personalise marketing content based on your preferences and interactions with us.
    Legal basis: consent (where required); legitimate interests. You may opt out of marketing communications at any time (see "Your rights" below).

4.4 Improving our services

  • To analyse how our services are used, monitor performance, and improve our offerings and user experience.
  • To conduct surveys, research, and analytics.
    Legal basis: legitimate interests.

4.5 Security and legal compliance

  • To protect the security and integrity of our systems, services, and users.
  • To detect and prevent fraud or misuse.
  • To comply with legal obligations and respond to lawful requests from authorities.
    Legal basis: legal obligations; legitimate interests.
  1. Special category data (health information) In order to provide safe and appropriate fitness services, we may collect health-related information you choose to share (e.g., medical conditions, injuries, exercise limitations).

This type of data is considered "special category data" under the UK GDPR. We will only process such data when it is necessary to provide our services and when one of the following applies:

  • You have given your explicit consent.
  • Processing is necessary for the provision of health or social care-type services in a fitness context, subject to appropriate safeguards.

You may withdraw your consent at any time, but this may affect our ability to provide certain services safely.

  1. Cookies and similar technologies We use cookies and similar technologies to:
    • Make our website function properly.
    • Remember your preferences and improve your experience.
    • Analyse traffic and usage patterns.
    • Support marketing and advertising, where applicable.

You can manage your cookie preferences through your browser settings or, where available, our cookie banner or preference centre. Disabling certain cookies may affect your ability to use some features of our website.

  1. How we share your personal data We do not sell your personal data. We may share your information with:

7.1 Service providers Trusted third parties that help us operate our business and deliver our services, such as:

  • Payment processors and billing providers.
  • Website hosting, IT, and cloud service providers.
  • Email and marketing platforms.
    These third parties are required to process your data only on our instructions and with appropriate security measures.

7.2 Professional advisers and legal obligations

  • Professional advisers such as lawyers, accountants, or insurers when necessary.
  • Law enforcement, regulators, or courts, where we are legally required to share information.

7.3 Business transfers If we undergo a reorganisation, merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will ensure your rights remain protected and notify you where required by law.

  1. International transfers Where we transfer your personal data outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place, such as:

    • Using countries that the UK considers to provide an adequate level of data protection.
    • Implementing standard contractual clauses or equivalent legal mechanisms.
    • Applying additional technical and organisational measures, where necessary.

  2. Data security We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or alteration. These measures may include encryption, access controls, secure storage, and regular review of our security practices.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

  1. Data retention We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, including:
    • For as long as you have an active relationship with us.
    • For the period required to comply with legal, accounting, or reporting obligations.
    • For the period necessary to resolve disputes and enforce our agreements.

When your personal data is no longer needed, we will securely delete or anonymise it.

  1. Your rights Under the UK GDPR and applicable data protection laws, you have certain rights regarding your personal data, including:
    • Right of access: to obtain a copy of the personal data we hold about you.
    • Right to rectification: to correct inaccurate or incomplete data.
    • Right to erasure: to request deletion of your data in certain circumstances.
    • Right to restriction: to restrict the processing of your data in certain cases.
    • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.
    • Right to object: to object to processing based on our legitimate interests or for direct marketing purposes.
    • Rights relating to automated decision-making: to not be subject to a decision based solely on automated processing, including profiling, where it has legal or similarly significant effects.

You also have the right to withdraw your consent at any time where we rely on your consent to process your personal data.

To exercise any of these rights, please contact us using the contact details provided in the "Contact us" section below.

  1. Children’s privacy Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from children under 16 without appropriate parental or guardian consent. If you believe a child has provided us with personal data without consent, please contact us so that we can take appropriate steps.

  2. Links to other websites Our website or communications may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing any personal data.

  3. Changes to this Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

  4. Contact us If you have any questions about this Privacy Policy or how we handle your personal data, or if you wish to exercise your data protection rights, please contact us at:

Forge and Flow Fitness
[Insert postal address in England]
[Insert contact email]
[Insert contact telephone number]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you are unhappy with how we have used your data. For more information, please visit www.ico.org.uk.

Your Privacy at Forge and Flow Fitness

We use cookies and process certain personal data to improve your experience on the Forge and Flow Fitness website, analyse how our services are used and support secure, efficient bookings. You can choose which optional cookies to allow and change your preferences at any time. For detailed information about how we collect, store and protect your data, please read our full Privacy Policy before you continue browsing or submit any forms. View full Privacy Policy