Crimson Core - Transform Your Fitness Journey | Dublin's Premier Wellness Centre

Privacy Policy for Crimson Core

Crimson Core ("we," "our," or "us") is committed to protecting the privacy of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect information that applies to our fitness gym and wellness centre services, including personal training, group fitness classes (Spin, Yoga, Pilates), nutritional guidance, sports massage, sauna & steam facilities, physiotherapy referrals, corporate wellness programmes, online coaching, body composition analysis, strength & conditioning equipment, and our online platform. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect various types of information for different purposes to provide and improve our services to you.

1.1 Personal Data You Provide Directly to Us

When you engage with Crimson Core, either in person at our facility or through our online platform, you may provide us with personal information. This includes, but is not limited to:

Identification Data: Your name, date of birth, gender, and contact details (postal address, email address, telephone number).
Health and Fitness Data: Information related to your health status, fitness goals, medical history (relevant to exercise participation), body composition analysis results, injury history, and dietary preferences for nutritional guidance. This is considered special category data and is collected with your explicit consent.
Membership and Service Data: Information related to your membership type, class registrations, personal training sessions, and records of services you have purchased or used.
Payment Data: Billing address and payment method details for processing transactions. We do not store full credit card numbers on our servers.
Communications Data: Records of your correspondence with us, including inquiries, feedback, and support requests.

1.2 Automatically Collected Data

When you visit our online platform, we may automatically collect certain information about your device and browsing activity:

Log Data: Your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits.
Usage Data: Information about how you interact with our online platform, such as features used and time spent.
Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track the activity on our online platform and hold certain information. See our Cookie Policy for more details.

2. How We Use Your Information

We use the collected data for various purposes, primarily to provide and improve our services, and to communicate with you.

To Provide and Maintain Our Services: This includes managing your membership, scheduling personal training sessions, registering you for classes, providing nutritional guidance, and facilitating access to our facilities and online coaching.
To Personalise Your Experience: Tailoring our services and recommendations based on your fitness goals, health data, and preferences.
For Communication: Sending you important updates, service announcements, promotional offers, and responding to your inquiries.
For Health and Safety Management: Using relevant health data to ensure your safety during exercise, to adjust programmes as needed, and for emergency contact purposes.
For Billing and Payment Processing: Managing your subscriptions, processing payments, and generating invoices.
For Internal Operations: Data analysis, identifying usage trends, conducting research, and improving our services, facilities, and online platform.
For Compliance and Legal Obligations: Adhering to applicable laws, regulations, and industry standards, including those related to health and safety, and tax.
For Corporate Wellness Programs: Delivering and managing services for corporate clients and their employees, with explicit consent for data sharing when required.

3. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds under GDPR:

Consent: Where you have given your explicit consent for specific processing purposes, especially for health-related data. You have the right to withdraw consent at any time.
Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., membership agreement, service purchase) or to take steps at your request prior to entering into such a contract.
Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., health and safety regulations, tax laws).
Legitimate Interests: Processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms (e.g., improving our services, marketing activities).

4. Sharing and Disclosure of Your Information

We may share your information with:

Service Providers: Third-party companies and individuals who perform services on our behalf, such as payment processing, IT support, marketing, and data analytics. These providers are obligated to protect your information and use it only for the purposes for which it was disclosed.
Physiotherapy Referrals: With your explicit consent, we may share relevant health information with trusted physiotherapy partners for referral purposes.
Corporate Clients: For corporate wellness programmes, aggregate or anonymised data may be shared with corporate clients. Individual personal data will only be shared with explicit consent from the employee concerned.
Legal and Regulatory Authorities: When required by law or in response to valid requests by public authorities (e.g., a court or government agency).
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as a business asset. We will notify you before your personal data becomes subject to a different Privacy Policy.

We do not sell your personal data to third parties.

5. International Data Transfers

As an Irish-based company, your data will primarily be processed within the European Economic Area (EEA). If we transfer your personal data outside the EEA, we will ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to protect your data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The precise retention period depends on the type of data and the purpose of processing. For example, health-related data may be retained for the duration of your membership and a reasonable period thereafter for safety and historical record-keeping, in accordance with applicable health regulations.

7. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

The Right to Access: You have the right to request copies of your personal data.
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
The Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided below.

8. Security of Your Data

We are committed to ensuring the security of your personal data. We implement appropriate technical and organisational measures to protect your information from unauthorised access, alteration, disclosure, or destruction. These measures include data encryption, secured servers, access controls, and regular security audits. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

9. Links to Other Websites

Our online platform may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our online platform, prior to the change becoming effective and update the "last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

11. How to Contact Us

If you have any questions about this Privacy Policy, your data, or would like to exercise one of your data protection rights, please do not hesitate to contact us:

Crimson Core

14 Spencer Dock Boulevard,

Unit 3B,

Dublin, County Dublin,

D01 V9X0,

Ireland

12. Right to Complain

Should you wish to report a complaint or if you feel that Crimson Core has not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland, the supervisory authority for data protection issues in Ireland.