Legal

Privacy Policy

Last updated: 28 April 2026

1. Who we are

Birn Fitness ("we", "us", "our") operates the fitness studio and website at 208 Bury New Rd, Manchester M8 8DD. We are the data controller for personal data collected through this website and our booking system.

For data-related enquiries, contact us at birnfitness@gmail.com.

2. What data we collect

  • Identity data — name, email address, phone number
  • Booking data — class bookings, payment type, waiver acceptance timestamp
  • Payment data — processed securely by Stripe; we never store card details
  • Communications data — messages sent via our contact form or email
  • Usage data — pages visited, device type (collected via server logs and cookies)

3. How we use your data

We use your personal data to:

  • Process and manage your class bookings
  • Send booking confirmations and receipts
  • Communicate about class changes or cancellations
  • Comply with legal obligations (e.g. financial records)
  • Send occasional updates about classes and offers (where you have opted in)
  • Improve our website and services

4. Legal basis for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract performance — to process your bookings and payments
  • Legitimate interests — to improve our services and prevent fraud
  • Legal obligation — to retain financial records as required by law
  • Consent — for marketing emails (you can withdraw at any time)

5. Data sharing

We share data only with trusted third parties required to deliver our services:

  • Stripe — payment processing (their privacy policy applies to payment data)
  • Vercel / Supabase — secure hosting and database infrastructure
  • Email providers — for transactional and marketing emails

We do not sell your personal data to third parties.

6. Data retention

We retain booking records for 7 years for financial compliance purposes. Marketing preferences and mailing list subscriptions are retained until you unsubscribe. You may request deletion of your account data at any time by emailing us.

7. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure ("right to be forgotten") where applicable
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, contact us at birnfitness@gmail.com.

8. Cookies

We use essential cookies to keep you signed in and remember your preferences. For full details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, misuse, and unauthorised access. All data is transmitted over HTTPS and stored in encrypted databases.

10. Changes to this policy

We may update this policy periodically. Material changes will be communicated via email or a notice on our website. Continued use of our services after changes constitutes acceptance.