Privacy Policy for Eniko K Fitness

Last Updated: April 23, 2026

This Privacy Policy describes how Eniko K Fitness ("we," "us," or "our"), located in London, UK, collects, uses, and shares personal data of individuals who visit our website https://www.enikokfitness.co.uk/ (the "Site," hosted on Google Sites) and those who engage with our online coaching services and community. Our services involve the use of various platforms, including Google Workspace (Google Docs, Sheets, Forms, Sites, Meet), Stripe (for payment processing), Monzo Business, Trainerize, and UK Coaching. We also engage with clients and promote our services on social media platforms like Facebook and Instagram.

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR), as applicable.

1. Who We Are

Eniko K Fitness is an online coaching business located in London, UK. For privacy and security reasons, a specific physical street address is not publicly provided. For the purposes of the GDPR and UK GDPR, we are the data controller responsible for the processing of your personal data in connection with the Site and the Services.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

• Contact Information: Your name, email address, phone number, and postal address. This may be collected through forms on our Google Site (via Google Forms) or during direct communication via Google Workspace.

• Account Information: If you create an account to access our services on a third-party platform (e.g., Trainerize), you will establish a username and password with that platform. We do not collect, store, or have access to your plaintext passwords. Your login credentials are managed securely by the platform providers (e.g., Trainerize, UK Coaching, Google) that host your account.

• Payment Information: When you purchase our Services, we collect necessary payment information, including your name, address, and payment card details. Payment processing is securely handled by our third-party payment processor, Stripe. We do not store your full payment card details on our systems. Transaction records are reconciled through our bank, Monzo Business.

• Coaching & Course Information (Special Categories of Data): Information you share with your coach during sessions, progress, goals, challenges, and feedback. This data is managed within Trainerize, UK Coaching, and Google Workspace. This includes data concerning health and physical fitness (a special category of personal data). We collect this essential health data with your explicit consent to create suitable workout programs, prevent injuries, and aid recovery.

• Contractual Data: Information collected for formalizing agreements and contracts, which are run through Google Forms. This includes your signature/acceptance of terms.

• Website Usage Data: Information about how you use our Google Site, including your IP address, browser type, and pages visited. We may use cookies and similar tracking technologies to collect this information (please see our Cookie Policy below for more details).

• Communications: Records of our correspondence with you, including emails (via Google Workspace) and messages within Trainerize, UK Coaching, or social media.

• Form Submission Data: Any personal data you submit through online forms embedded on our Google Site, created using Google Forms.

• Social Media Interaction Data: Information generated when you interact with our Facebook Group or Instagram profile.

3. How We Collect Your Personal Data

We collect your personal data in the following ways:

• Directly from You: When you fill out forms on our Google Site (Google Forms), sign contracts (via Google Forms), purchase our Services, or communicate with us.

• Automatically: Through your use of our Google Site, Google Workspace, Trainerize, UK Coaching, and interactions on social media profiles (using cookies and other tracking technologies).

• From Third Parties: We receive personal data from third-party service providers, such as payment processors (Stripe).

4. How We Use Your Personal Data

We may use your personal data for the following specified, explicit, and legitimate purposes:

• To Provide the Services: To deliver online coaching services, including creating personalized workout programs based on health data provided with your explicit consent. To facilitate live sessions (Google Meet) and manage communication and progress (Trainerize, UK Coaching).

• To Process Payments & Manage Finance: To process payments securely through Stripe and manage financial records using Monzo Business accounts.

• To Manage Contracts: To create, manage, and store client agreements securely through Google Forms and Google Drive.

• To Manage Your Account Access: To facilitate your access to our content or services provided through platforms like Trainerize or UK Coaching.

• For Marketing Purposes: To send you promotional emails and newsletters (with your explicit consent). To use social media (Facebook and Instagram) for promotional activities. Please note: Testimonials will only be shared with your explicit consent.

• To Build and Manage Community: To facilitate community engagement within our private Facebook Group.

• To Comply with Legal Obligations: To comply with applicable laws and regulations.

• To Ensure Security: To protect our platforms and services from fraud and security threats.

5. Legal Basis for Processing Your Personal Data

• Contract: Necessary for the performance of a contract (Art. 6(1)(b) GDPR/UK GDPR).

• Consent: Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)) for health data and marketing.

• Legitimate Interests: Necessary for our business interests (Art. 6(1)(f) GDPR/UK GDPR).

• Legal Obligation: Compliance with a legal obligation (Art. 6(1)(c) GDPR/UK GDPR).

6. Sharing Your Personal Data

We may share your personal data with:

• Coaches: Providing your Services.

• Third-Party Service Providers (Processors): Stripe, Google Workspace, Trainerize, UK Coaching, and analytics providers. These providers process data on our instructions and are contractually bound to protect it.

• Social Media Platforms: Meta (Facebook/Instagram). We act as joint controllers for our Facebook Group.

• Law Enforcement: When legally compelled.

7. International Transfers

Your personal data may be transferred outside the UK/EEA by our service providers (e.g., Google, Stripe, Meta). We ensure appropriate safeguards (e.g., SCCs or the EU-US Data Privacy Framework) are in place.

8. Security

We use SSL/TLS encryption, strict access controls, multi-factor authentication, and secure document disposal to ensure the security of your data.

9. Data Retention

We retain data only as long as necessary. Payment records and contracts are typically kept for 6 years (or up to 15 for legal defense); coaching and course records are typically kept for 6 years after completion of services.

10. Your Data Protection Rights

You have the right to access, rectify, erase, restrict, or object to the processing of your data, and the right to data portability. Contact us to exercise these rights.

11. Cookie Policy

Our Site uses cookies to enhance your experience. We rely on your consent for non-essential cookies. You can manage preferences via our cookie banner or your browser. For Google's specific cookie policies, visit: https://policies.google.com/privacy

12. Links to Other Websites and Third-Party Platforms

• Stripe: https://stripe.com/gb/privacy

• Google: https://policies.google.com/privacy

• Trainerize: https://www.trainerize.com/privacy/

• UK Coaching: https://www.ukcoaching.org/privacy-policy

• Facebook: https://www.facebook.com/privacy/policy/

• Instagram: https://help.instagram.com/155833707900388

13. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted here with an updated "Last Updated" date.

14. Contact Us

If you have any questions, please contact us through the link on our website.