PRIVACY POLICY


Last Updated: 22 March 2025

1. Who I Am

Richard is the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR).

If you have any questions regarding this Privacy Policy or your personal data, you may contact:
Email: Richard@richardhealthcoach.com

2. What Data Is Collected

The following personal data may be collected and processed:

  • Name

  • Email address

  • Address

  • Payment information (processed via third-party providers)

  • Videos and images submitted by you

  • Health-related information, including injury, pain, and movement details

  • Communications between you and Richard

Health-related information is classified as special category data under UK GDPR.

Payment card details are not stored. All payments are processed securely through third-party payment providers, who are responsible for processing and storing payment information.

3. Why Your Data Is Collected

Personal data is processed for the following purposes:

  • Providing posture and movement analysis services

  • Communicating with you regarding your service

  • Processing payments

  • Record keeping and legal compliance

Health and movement-related data is processed solely for the purpose of providing fitness and assessment services and supporting training guidance.

4. Legal Basis for Processing

Personal data is processed under the following lawful bases:

  • Contractual necessity, to deliver free and or purchased services

  • Explicit consent, for processing health-related data and submitted videos or images

  • Legal obligations, where applicable

Data is also processed to fulfil contractual obligations when delivering free and or purchased services.

Personal data will not be used for marketing purposes without explicit consent. You may withdraw marketing consent at any time.

You may withdraw consent for processing special category data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

5. Data Sharing

Personal data is not sold, rented, or traded with third parties.

Data is only shared with third-party service providers where necessary to deliver services, including payment processors, website hosting providers, and communication platforms. Such providers are required to process data in accordance with applicable data protection laws.

6. Data Storage and Security

Personal data is stored using secure, password-protected and encrypted systems where appropriate. Access is restricted to authorised personnel only. Reasonable technical and organisational measures are in place to protect personal data from unauthorised access, loss, misuse, or alteration.

7. Data Retention

Personal data is retained for up to three years after the last service interaction for legal defence purposes, service continuity, and record keeping requirements. Data may be deleted earlier upon request where there is no overriding legal requirement to retain it.

8. International Transfers

If personal data is transferred outside the United Kingdom, appropriate safeguards will be used in accordance with UK GDPR, such as standard contractual clauses or equivalent approved transfer mechanisms.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data

  • Restrict processing of your data

  • Withdraw consent where processing is based on consent

  • Object to processing where applicable

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

10. Updates to This Policy

This Privacy Policy may be updated from time to time. The latest version will always be available on the website. Continued use of services following updates constitutes acknowledgement of the revised policy.