Privacy Notice

1. Who We Are

Defensive Fitness Academy (“DFA”, “we”, “our”, or “us”) provides self-defence and fitness training services in England & Wales.

For the purposes of UK data protection law, DFA is the Data Controller responsible for your personal data.

Contact Details:
Defensive Fitness Academy
Email: info@defensivefitness.co.uk
Telephone: 03333 390 660

If you have any questions about this Privacy Policy or your data, please contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data

• Full name
• Date of birth
• Gender (where relevant for safeguarding or class allocation)

Contact Data

• Email address
• Telephone number
• Postal address

Health Data (Special Category Data)

• Relevant medical conditions
• Injury history
• Emergency contact details

This information is collected only where necessary to ensure safe participation in physical training.

Financial Data

• Payment details (processed securely via third-party providers)
• Billing history

Technical Data

• IP address
• Browser type and version
• Device information
• Website usage data

Safeguarding Information

Where applicable:

• Parent/guardian details
• Consent forms
• Incident records

3. How We Collect Your Data

We collect personal data when you:

• Register for classes
• Complete membership forms
• Submit enquiries through our website
• Sign up for newsletters
• Make a payment
• Communicate with us by email, phone or in person
• Use our website (via cookies and analytics tools)

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contractual Necessity

To provide training services and manage your membership.

Legal Obligation

To comply with safeguarding, health & safety, and accounting obligations.

Legitimate Interests

To operate and improve our business, manage classes, and communicate with members.

Consent

For:

• Marketing communications
• Processing health (special category) data
  You may withdraw consent at any time.

Vital Interests

In emergency situations where medical information is required to protect your health.

5. How We Use Your Information

We use your personal data to:

• Register and manage memberships
• Deliver training services
• Ensure participant safety
• Process payments
• Respond to enquiries
• Send service updates
• Comply with legal and safeguarding requirements
• Improve our website and services

We do not sell your personal data to third parties.

6. Sharing Your Information

We may share data with:

• Payment processors
• Website hosting providers
• Email service providers
• Professional advisers (accountants, insurers, legal advisers)
• Regulatory authorities if legally required

All third parties are required to respect the security of your personal data and to treat it in accordance with the law.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Secure password-protected systems
• Limited staff access
• Secure storage of physical documents
• SSL encryption on our website

Despite our efforts, no system is completely secure. We encourage you to keep your login details confidential.

8. Data Retention

We retain personal data only for as long as necessary:

• Membership records: up to 6 years after membership ends
• Financial records: 6 years (HMRC requirement)
• Safeguarding records: in line with safeguarding legislation
• Marketing data: until consent is withdrawn

Data is securely deleted or destroyed once no longer required.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the UK regulator

The UK supervisory authority is the
Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk

We aim to respond to all legitimate requests within one month.

10. Children’s Data

Where we provide services to children:

• We collect parent/guardian consent
• We comply with safeguarding requirements
• Parents/guardians may exercise data rights on behalf of their child

11. Cookies

Our website uses cookies to:

• Ensure proper website functionality
• Analyse visitor behaviour
• Improve user experience

For detailed information, please see our separate Cookie Policy.

12. Marketing Communications

We may send you marketing emails if:

• You have opted in, or
• You are an existing member and the communication relates to similar services.

You can unsubscribe at any time by clicking the unsubscribe link or contacting us directly.

13. International Transfers

We primarily store and process data within the UK.
If data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g., adequacy decisions or standard contractual clauses).

14. Changes to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available on our website.

15. Policy Review

This Policy will be reviewed annually or sooner if significant changes occur within the club or venue.