Privacy Policy

Last updated: 9 April 2026

Introduction

glow-fern Ltd ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our services or visit our website.

We are registered in England and Wales under company number 09234567, with our registered office at 42 Deansgate Mews, Manchester, M3 2FF, United Kingdom.

Information we collect

We collect and process the following categories of personal information:

Information you provide directly

When you register for our services, book sessions, or contact us, you may provide:

  • Name and contact details including email address and postal address
  • Payment and billing information
  • Health and medical information relevant to safe exercise prescription
  • Training history and fitness goals
  • Emergency contact information
  • Correspondence with us including emails and messages

Information we collect automatically

When you visit our website, we may automatically collect:

  • Technical information including IP address, browser type, and operating system
  • Usage data including pages visited, time spent on pages, and navigation paths
  • Cookie data as described in our Cookies Policy

Information from training sessions

To track your progress and deliver effective coaching, we record:

  • Attendance records and session notes
  • Performance metrics including weights lifted, distances, and times
  • Movement assessments and technique observations
  • Progress photographs if you consent to these being taken

How we use your information

We process your personal data for the following purposes:

Service delivery

  • To provide training, coaching, and nutrition services you have purchased
  • To communicate with you about your sessions and programme
  • To track your progress and adapt your training appropriately
  • To ensure your safety during exercise by considering relevant health conditions

Business operations

  • To process payments and maintain financial records
  • To manage bookings and scheduling
  • To respond to enquiries and provide customer support
  • To maintain accurate records for insurance and liability purposes

Improvement and development

  • To analyse how our services are used and identify areas for improvement
  • To conduct satisfaction surveys and gather feedback
  • To develop new services and training programmes

Legal compliance

  • To comply with legal obligations including tax and accounting requirements
  • To establish, exercise, or defend legal claims
  • To protect the rights and safety of our staff, members, and facilities

Legal basis for processing

We process your personal data under one or more of the following legal bases:

  • Contractual necessity: Processing required to deliver the services you have purchased or to take steps at your request prior to entering a contract
  • Consent: Where you have given explicit consent, such as for processing health data or taking progress photographs
  • Legitimate interests: For business operations, improvement of services, and prevention of fraud, where such interests are not overridden by your rights
  • Legal obligation: Where we must process data to comply with laws and regulations

Special category data

We process health information, which is considered special category personal data under data protection law. We only process this information where:

  • You have given explicit consent for us to do so
  • Processing is necessary for preventive or occupational medicine, or to protect vital interests
  • It relates to data you have manifestly made public

Health information is handled with particular care and is only accessed by coaches directly involved in delivering your training.

Data sharing and disclosure

We do not sell or rent your personal information to third parties. We may share your data with:

  • Service providers: Payment processors, booking systems, and email services that help us operate our business. These providers process data on our behalf under strict confidentiality agreements
  • Professional advisers: Lawyers, accountants, and insurers where necessary for professional advice or claims handling
  • Medical professionals: With your explicit consent, we may share relevant information with your GP, physiotherapist, or other healthcare providers
  • Legal authorities: Where required by law or to protect legal rights

Data retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy:

  • Client records are retained for seven years after your last session, in line with insurance and liability requirements
  • Financial records are retained for six years to comply with tax obligations
  • Marketing communications are retained until you unsubscribe or we no longer have a legitimate interest in retaining them
  • Website usage data is typically retained for 26 months

After these periods, data is securely deleted or anonymised.

Your rights

Under data protection law, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data in certain circumstances
  • Restriction: Request that we limit how we use your data
  • Portability: Request transfer of your data to another service provider
  • Objection: Object to processing based on legitimate interests or for marketing purposes
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encrypted storage of sensitive data
  • Regular security assessments and updates
  • Access controls limiting who can view your information
  • Staff training on data protection obligations
  • Secure disposal of data no longer required

While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

International transfers

Your data is primarily stored and processed within the United Kingdom. Where we use service providers based outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by regulatory authorities.

Children's privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children under this age without parental consent. If you believe we have inadvertently collected such data, please contact us immediately.

Changes to this policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised date. Material changes will be communicated to active clients via email.

Complaints

If you have concerns about how we handle your personal data, please contact us first at [email protected]. We will investigate and respond to your complaint promptly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk

Contact information

For questions about this privacy policy or how we process your data, contact:

glow-fern Ltd
42 Deansgate Mews
Manchester
M3 2FF
United Kingdom
Email: [email protected]