PRIVACY POLICY

Last updated: March 2026

1. Introduction

Petrina Byrne, trading as PBfitness ("we", "us", "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with us, purchase our services, or use our platforms.

This policy is written in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all personal data we process as a data controller.

If you have any questions about this policy or your data, please contact us at [email protected].

2. Data Controller

The data controller is Petrina Byrne, trading as PBfitness. As a sole trader, Petrina Byrne is personally responsible for the lawful and fair processing of your personal data.

We are not currently required to register with the Information Commissioner's Office (ICO) as a small sole trader, but we comply fully with all UK GDPR obligations. If this status changes, we will update this policy accordingly.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identity and Contact Information

  • Full name

  • Email address

  • Telephone number (where provided)

  • Social media handles (where provided)

3.2 Health and Wellbeing Data

As part of our coaching services, we collect special category data relating to your health. This includes:

  • Body measurements and weight (if you choose to share these)

  • Fitness levels, training history, and physical activity data

  • Dietary preferences, restrictions, and habits

  • Mental health history and current mental wellbeing indicators

  • Any other health information you share with us during the coaching relationship

We collect this data only with your explicit consent and only to the extent necessary to provide your coaching programme.

3.3 Financial Information

  • Payment and billing information, processed via our secure third-party payment processor

  • Transaction records

We do not store full payment card details ourselves.

3.4 Communications Data

  • Messages, emails, check-in responses, and other communications you send us

  • Your responses to progress reviews and check-in forms

3.5 Technical and Usage Data

  • IP address

  • Browser type and version

  • Pages visited on our website

  • Cookies and similar tracking data (see Section 9)

4. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you when you complete our intake forms, consultation booking, or onboarding questionnaire

  • Through ongoing communications, check-ins, and progress reviews during your coaching programme

  • Via our coaching app and tracking tools where applicable

  • When you contact us by email, direct message, or phone

  • Through our website using cookies and analytics tools (see Section 9)

  • Via payment processors when you make a purchase

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance: to fulfil our obligations to you under your coaching agreement

  • Legitimate interests: to manage our business, improve our services, and communicate with you about matters relevant to your coaching

  • Legal obligation: to comply with any legal requirements, including financial record-keeping under HMRC obligations

  • Explicit consent: for the processing of special category health data and for any optional marketing communications

Where we rely on consent as a legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

6. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and personalise your coaching programme

  • To communicate with you about your programme, progress, and bookings

  • To process payments and manage your account

  • To monitor your progress and adjust your programme as needed

  • To respond to enquiries and provide customer support

  • To comply with our legal and regulatory obligations

  • To improve our services and develop new content (using anonymised or aggregated data only)

  • To send you marketing communications, but only where you have explicitly opted in

We will never use your health or sensitive personal data for marketing purposes or share it with any third party for their own marketing purposes.

7. Data Sharing

We do not sell your personal data. We may share your data with the following third parties only where necessary:

7.1 Service Providers

We use trusted third-party tools and service providers to operate our business. These include:

  • Coaching and client management software

  • Email marketing tools (where you have opted in)

  • Payment processors

  • Scheduling tools

  • Cloud storage providers

All third-party service providers are required to process your data only on our instructions and in accordance with UK GDPR.

7.2 Legal Requirements

We may disclose your data if required to do so by law, court order, or government authority.

7.3 International Transfers

Some of our third-party service providers are based outside the UK. In such cases, we ensure that any transfer is subject to appropriate safeguards, such as the use of UK-approved standard contractual clauses or adequacy decisions. We will not transfer your data outside the UK without appropriate protections in place.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Coaching records and health data: retained for the duration of your coaching programme and for 3 years afterwards, in case of disputes or follow-up enquiries

  • Financial records: retained for 6 years in accordance with HMRC requirements

  • Marketing opt-in records: retained until you withdraw consent

  • Website analytics data: typically retained for 26 months

After these periods, your data will be securely deleted or anonymised.

9. Cookies

Our website uses cookies and similar tracking technologies to improve your experience. Cookies are small text files placed on your device.

9.1 Types of Cookies We Use

  • Strictly necessary cookies: essential for the website to function correctly

  • Analytics cookies: to understand how visitors use our site

  • Functional cookies: to remember your preferences

  • Marketing cookies: only where you have given explicit consent

9.2 Managing Cookies

You can control and manage cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. On your first visit, you will be asked to consent to non-essential cookies via our cookie banner.

10. Your Rights Under UK GDPR

As a data subject, you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you

  • Right to rectification: to request correction of inaccurate or incomplete data

  • Right to erasure (the 'right to be forgotten'): to request deletion of your data where there is no compelling reason for us to continue holding it

  • Right to restrict processing: to ask us to pause processing in certain circumstances

  • Right to data portability: to receive your data in a structured, commonly used format

  • Right to object: to object to processing based on legitimate interests or for direct marketing

  • Rights in relation to automated decision-making: we do not make automated decisions that have significant legal effects on you

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

11. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, destruction, or disclosure. These measures include:

  • Encrypted communication and storage where possible

  • Password-protected accounts and platforms

  • Restricted access to personal data on a need-to-know basis

  • Regular review of our data handling practices

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law within 72 hours of becoming aware of the breach.

12. Special Category Data

Health data is classified as "special category data" under UK GDPR and is afforded higher levels of protection. We process your health data only:

  • With your explicit written consent

  • To the minimum extent necessary to deliver your coaching programme

  • With appropriate security safeguards in place

You may withdraw your consent to the processing of special category data at any time. This may affect our ability to deliver certain coaching services.

13. Children's Data

Our services are primarily intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 13. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email. The current version of this policy is always available at www.pbfitness.co.uk.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Petrina Byrne

PBfitness

Email: [email protected]

Website: www.pbfitness.co.uk

© Copyright 2026 PBFitness | All rights reserved.