Privacy Notice

James Cornaby Fitness takes your privacy seriously. This notice outlines how your personal information is collected, used, and protected in accordance with UK GDPR.

1. Who We Are

James Cornaby Fitness ("we", "us", or "our") provides personal training and fitness coaching services to clients both in person and online. For the purposes of data protection law, we are the data controller of your personal information - meaning we determine how and why your data is collected and used.

Our registered business address is:
📍 10 Huxhams Cross, Dartington, Totnes, Devon, UK

If you have any questions or concerns about how we handle your personal data, you can contact us at:
📧 jamescornabyfitness@gmail.com

We are registered with the Information Commissioner’s Office (ICO) under registration number ZB922317.

2. What Information We Collect

We collect a range of personal data to provide effective personal training and fitness coaching services. The type of information we collect depends on how you interact with us.

When you contact us through our website contact form or book a consultation (e.g. via TidyCal or Squarespace), we may collect your name, email address, phone number, and any information you include in your message or booking notes. If you simply browse our website, we may collect technical data such as your IP address, browser type, device information, and general usage statistics through cookies and analytics tools (please see our Cookie Policy for more details).

When you complete screening forms such as health questionnaires (e.g. PAR-Q), we collect information about your medical history, any existing conditions or medications, emergency contact details, and information about your previous exercise experience. This may include sensitive health data, which we treat with extra care and store securely in accordance with data protection law.

During physical assessments or ongoing coaching, we may collect and record fitness-related data such as height, weight, body measurements, performance test results, training history, progress notes, photos, and goals. If you use our PT Distinction app, we may collect your login email, exercise logs, nutrition tracking data (if used), and any progress photos or notes you submit.

If you make a purchase, we collect your contact details, billing address (if applicable), and transaction details. Please note we do not store full payment card information - all payments are processed securely by third-party providers such as Stripe.

We may also collect and retain the contents of emails or direct messages you send us, including any coaching discussions or client support queries. If you complete a feedback form or survey, we may collect your name (if provided) and your responses or opinions about our services.

3. Why We Collect It

We collect your personal information for the following purposes:

  • To ensure that any exercise or training we provide is safe, appropriate, and tailored to your individual health status, goals, and abilities

  • To design, monitor, and adapt a personalised fitness programme based on your needs and progress

  • To deliver coaching sessions, both in person and remotely, through platforms such as PT Distinction and online video services

  • To communicate with you regarding bookings, schedule changes, programme updates, or relevant coaching information

  • To enable session and programme purchases, manage bookings, and maintain accurate payment and service records

  • To meet legal and regulatory requirements, including fitness industry standards, safeguarding, and insurance obligations

  • To track your progress through assessments, training logs, and goal reviews, helping us evaluate and improve your outcomes

  • To maintain secure and up-to-date client records for ongoing service delivery

  • To request and review feedback, helping us improve our services and client experience

  • To respond to enquiries, resolve issues, and support your use of our services

  • To provide occasional updates about our services, offers, or events - but only where you have given consent or where we are otherwise permitted to do so under applicable data protection laws

4. Our Legal Basis for Processing Your Data

Under the UK General Data Protection Regulation (UK GDPR), we are required to have a valid legal basis for collecting and using your personal information. The specific legal bases we rely on include:

  • Consent – We may ask for your explicit consent to process certain types of personal data, particularly where it involves special category data such as information about your health. You have the right to withdraw your consent at any time.

  • Contract – We process your personal data when it is necessary to fulfil our contract with you, for example, to deliver personal training services, respond to enquiries, or manage bookings and payments.

  • Legal Obligation – In some cases, we are required to process your personal data to comply with legal or regulatory obligations. This may include maintaining records for insurance, safeguarding, tax, or fitness industry compliance.

  • Legitimate Interests – We may process your personal data where it is necessary for our legitimate interests as a business, provided those interests are not overridden by your rights. For example, we may use your data to improve our services, maintain client records, or communicate important service updates.

5. How We Store and Protect Your Data

We take the security of your personal information very seriously. Your data is stored securely using password-protected systems and reputable cloud-based platforms. Access to your information is strictly limited to authorised individuals who require it to provide you with our services.

Some personal data, such as signed health screening or consent forms, may be stored in physical (paper) form. These documents are kept in a locked and secure location to prevent unauthorised access.

Where we use third-party services - such as PT Distinction for coaching and client management, or TidyCal for appointment booking - we ensure that these providers comply with UK data protection laws and implement appropriate security measures to protect your information.

6. How Long Your Data is Kept

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing services to you, meeting legal, accounting, or insurance requirements, and resolving any potential disputes.

Client records, including health screening forms, assessment data, and programme notes, are typically kept for up to 7 years after your last session or contact. This retention period aligns with industry best practices and insurance obligations.

If you contact us but do not proceed with our services, your enquiry details will be kept for no more than 12 months, unless we have a legitimate reason to retain them for longer (e.g. for ongoing discussions or bookings).

Email correspondence and business records (e.g. invoices) may be retained for up to 7 years for tax and legal purposes.

Where you have given consent for marketing communications, we will retain your contact details until you withdraw your consent or unsubscribe, at which point your details will be removed from our marketing list.

Once your data is no longer needed, it will be securely deleted or destroyed.

7. Who We Share Your Data With

We do not sell or rent your personal data. However, in order to provide our services effectively, we may share certain personal data with trusted third parties who help us operate our business, deliver services, or meet legal obligations.

These third parties may include:

  • PT Distinction – for securely managing your coaching programmes, assessments, and client communications via the App.

  • TidyCal / Squarespace – for scheduling consultations, managing appointment bookings, and enabling you to contact us.

  • Payment providers (e.g. Stripe) – to process your payments securely.

  • Google (Gmail) – for email communications.

  • Form providers or survey tools (e.g. Google Forms) – for collecting screening information or feedback.

All third-party providers we use are required to keep your data secure and are only permitted to process it for specified purposes in accordance with our instructions and relevant data protection law.

We may also disclose personal data where required to do so by law or in response to a lawful request from a regulatory or government authority.

8. Your Rights

Under UK data protection law, you have several rights regarding your personal information. These rights ensure that you remain informed and in control of how your data is used. You have the right to:

  • Access – You can request a copy of the personal data we hold about you.

  • Rectification – You can ask us to correct or complete any inaccurate or incomplete data.

  • Erasure – In certain circumstances, you can request that we delete your personal data (also known as the "right to be forgotten").

  • Restriction – You can ask us to temporarily stop processing your data if you believe it is inaccurate, being used unlawfully, or you’ve objected to its use.

  • Objection – You can object to the processing of your personal data when it is based on our legitimate interests or used for direct marketing.

  • Data Portability – You can request that we transfer your data to another provider, where applicable.

  • Withdraw Consent – Where we rely on your consent to process your data (e.g. for health screening or marketing), you can withdraw that consent at any time.

To exercise any of these rights, please contact us at 📧 jamescornabyfitness@gmail.com. We will respond to your request within one month, unless the request is particularly complex or you’ve made multiple requests.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data. You can find more information on how to do this at www.ico.org.uk.

9. Cookie Notice

Our website uses cookies and similar technologies to improve your browsing experience, understand how the site is used, and help us deliver relevant content and services.

Our Cookie Policy can be found here.

10. How to Contact Us

If you have any questions about this privacy notice or how we handle your personal data, please contact us at:

📧 jamescornabyfitness@gmail.com
📍 James Cornaby Fitness, 10 Huxhams Cross, Dartington, Totnes, Devon, UK

11. Changes to This Privacy Policy

We may update this privacy notice from time to time to reflect changes in our services, the way we handle personal data, or to comply with legal requirements.

When we make significant changes, we will notify you by email (if we have your contact details) or by posting a prominent notice on our website. We encourage you to review this privacy notice periodically to stay informed about how we protect your information.

This policy was last updated on: 18/09/2025