Last updated: [31-01-2026]

Terms of Service, Privacy & Cookie Policy

We respect your privacy and are committed to protecting your personal data. This Privacy & Cookie Policy explains what information we collect, how we use it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR).

What this policy covers

This policy explains what personal data we collect, why we collect it, and how it’s used when you visit the site, get in touch, or work with embodyit. It also outlines how your data is stored, how long it’s kept, who it may be shared with, and the rights you have over your information.

In short: we only collect what’s necessary, use it responsibly, keep it secure, and give you full control over your data.

1. Who We Are

This Privacy Policy explains how personal data is collected, used, and protected by:

Business name: embodyit® is a registered trademark. International Registration No. 1,889,746.

Business Type: Personal training services; fitness training; provision of exercise classes and instruction, both in-person and online.

Trainer / Data Controller: Joel Seckleman

Location: United Kingdom

For the purposes of UK data-protection law, Joel Seckleman is the data controller responsible for your personal data.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

a) Identity & Contact Information

  • Name

  • Email address

  • Telephone number

  • Address (where provided)

b) Booking & Service Information

  • Session bookings and attendance records

  • Programme type (subscription, shared membership, single session, transformation programme)

  • Payment status (but not full card details)

c) Health & Safety Information

  • Health screening information provided via PAR-Q or similar questionnaires

  • Injury history, medical disclosures, medications, or limitations relevant to exercise safety

  • Emergency contact details

This information is treated as special category data under UK GDPR.

d) Technical & Website Data

  • IP address

  • Browser type and device information

  • Pages visited and interactions (via analytics tools)

3. How We Use Your Personal Data

Your data is used only where necessary and for legitimate purposes, including:

  • Delivering personal training services safely and effectively

  • Designing and supervising training sessions

  • Managing bookings, schedules, subscriptions, and payments

  • Communicating with you about sessions or services

  • Meeting legal, insurance, and safety obligations

  • Improving website performance and user experience

We do not sell your data or use it for unrelated marketing.

4. Lawful Bases for Processing (UK GDPR)

We process personal data under the following lawful bases:

Purpose

Lawful Basis

Delivering training services

Performance of a contract

Booking & payment administration

Performance of a contract

Health & safety screening

Explicit consent + vital interests

Emergency contact use

Vital interests

Client communications

Legitimate interests

Marketing emails/newsletters (if applicable)

Consent

Legal, insurance, or tax records

Legal obligation

Website analytics

Legitimate interests

 

You may withdraw consent for consent-based processing at any time.

 

5. Special Category Health Data

Health and medical information is processed only to ensure your safety during training.

  • This data is collected with your explicit consent

  • It is accessed only by the Trainer

  • It is never shared without legal necessity or your consent

  • In an emergency, relevant information may be shared with medical services

6. Data Retention Periods

We retain personal data only for as long as necessary:

Data Type

Retention Period

Contact & booking data

Up to 24 months after last session

Health screening forms

Up to 7 years (insurance and liability purposes)

Session records & notes

Up to 7 years

Payment & invoicing records

6 years (tax/legal requirement)

Marketing consent records

Until consent is withdrawn

Website analytics

Up to 26 months

Data is securely deleted or anonymised once no longer required.

 

Data is securely deleted or anonymised once no longer required.

7. Who We Share Data With

We may share limited data with trusted third-party service providers who act as data processors, including:

  • Booking systems (e.g. Calendly)

  • Email services (e.g. Mailchimp, if used)

  • Payment processors (e.g. Stripe — card data is handled directly by them)

  • Website analytics providers (e.g. Google Analytics)

All third parties are required to process data securely and lawfully.

We do not share data with other trainers, gyms, or third parties for marketing.

8. International Data Transfers

Some service providers may process data outside the UK.

Where this occurs, appropriate safeguards are in place, such as:

  • UK-approved International Data Transfer Agreements (IDTA), or

  • UK-recognised Standard Contractual Clauses

These safeguards ensure your data receives equivalent protection.

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of data (where applicable)

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

10. How to Exercise Your Rights

To exercise any of your rights, contact:

Email: begin@embodyit.now

We will respond within one month, as required by law.

If you are unhappy with how your data is handled, you may complain to:

Information Commissioner’s Office (ICO)

www.ico.org.uk

11. Cookies & Website Analytics

Our website uses cookies and analytics tools to:

  • Understand website usage

  • Improve functionality and content

  • Maintain security

Cookies and third-party services

This website uses a small number of standard cookies and similar technologies to ensure the site functions correctly and to understand how visitors use the site.

These may include:

  • Essential cookies – required for basic site functionality and security

  • Analytics cookies – used to understand how visitors interact with the website (for example, page views and traffic sources)

  • Scheduling and booking cookies – used when you book or manage sessions through third-party services

Session bookings and scheduling are handled via Calendly, which may place its own cookies or process personal data in accordance with its policies. You can view Calendly’s terms and privacy information here:

https://calendly.com/legal

You can control or delete cookies through your browser settings at any time. Blocking some cookies may affect how parts of the site function.

12. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure storage systems

  • Password-protected devices and accounts

  • Limited access to sensitive data

No system is completely secure, but we take reasonable steps to minimise risk.

13. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect legal or operational changes.

The latest version will always be published on our website.

From time to time, additional tools or services may be introduced to support website functionality, analytics, communication, or service delivery. Where this occurs, this policy will be updated as required, and any third-party processing will be subject to appropriate safeguards and their own published privacy terms.

14. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact:

embodyit.now
Email: begin@embodyit.now
Address: Joel Seckleman c/o 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom