Privacy Policy

Privacy Policy for Eniko K Fitness

Last Updated: October 15, 2025

This Privacy Policy describes how Eniko K Fitness ("we," "us," or "our"), located in London, UK, collects, uses, and shares personal data of individuals who visit our website https://www.enikokfitness.co.uk/ (the "Site," hosted on Google Sites) and those who engage with our online coaching services and community. Our services involve the use of various platforms, including Google Workspace (Google Docs, Sheets, Forms, Sites, Meet), Stripe (for payment processing), Monzo Business, MyPtHub, and Calendly. We also engage with clients and promote our services on social media platforms like Facebook and Instagram.

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR), as applicable.

1. Who We Are

Eniko K Fitness is an online coaching business located in London, UK. For privacy and security reasons, a specific physical street address is not publicly provided. For the purposes of the GDPR and UK GDPR, we are the data controller responsible for the processing of your personal data in connection with the Site and the Services.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

• Contact Information:

  • Your name, email address, phone number, and postal address.

  • This may be collected through forms on our Google Site (via Google Forms) or during direct communication via Google Workspace.

• Account Information:

  • If you create an account to access our services on a third-party platform (e.g., MyPtHub), you will establish a username and password with that platform.

  • We do not collect, store, or have access to your plaintext passwords. Your login credentials are managed securely by the platform providers (e.g., MyPtHub, Google) that host your account.

• Payment Information:

  • When you purchase our Services, we collect necessary payment information, including your name, address, and payment card details.

  • Payment processing is securely handled by our third-party payment processor, Stripe. We do not store your full payment card details on our systems. Transaction records are reconciled through our bank, Monzo Business.

• Coaching & Course Information (Special Categories of Data):

  • Information you share with your coach during sessions, progress, goals, challenges, and feedback. This data is managed within MyPtHub and Google Workspace.

  • This includes data concerning health and physical fitness (a special category of personal data). We collect this essential health data with your explicit consent to create suitable workout programs, prevent injuries, and aid recovery.

• Contractual Data:

  • Information collected for formalizing agreements and contracts, which are run through Google Forms. This includes your signature/acceptance of terms.

• Website Usage Data:

  • Information about how you use our Google Site, including your IP address, browser type, and pages visited.

  • We may use cookies and similar tracking technologies to collect this information (please see our Cookie Policy below for more details).

• Communications:

  • Records of our correspondence with you, including emails (via Google Workspace) and messages within MyPtHub or social media.

• Scheduling Information:

  • Information related to your scheduled coaching sessions, managed through Calendly.

• Form Submission Data:

  • Any personal data you submit through online forms embedded on our Google Site, created using Google Forms.

• Social Media Interaction Data:

  • Information generated when you interact with our Facebook Group or Instagram profile.

3. How We Collect Your Personal Data

We collect your personal data in the following ways:

• Directly from You: When you fill out forms on our Google Site (Google Forms), sign contracts (via Google Forms), purchase our Services, communicate with us, or schedule appointments (Calendly).

• Automatically: Through your use of our Google Site, Google Workspace, Calendly, MyPtHub, and interactions on social media profiles (using cookies and other tracking technologies).

• From Third Parties: We receive personal data from third-party service providers, such such as payment processors (Stripe).

4. How We Use Your Personal Data

We may use your personal data for the following specified, explicit, and legitimate purposes:

• To Provide the Services:

  • To deliver online coaching services, including creating personalized workout programs based on health data provided with your explicit consent.

  • To facilitate live sessions (Google Meet) and manage communication and progress (MyPtHub).

• To Process Payments & Manage Finance:

  • To process payments securely through Stripe and manage financial records using Monzo Business accounts.

• To Manage Contracts:

  • To create, manage, and store client agreements securely through Google Forms and Google Drive.

• To Manage Your Account Access:

  • To facilitate your access to our content or services provided through platforms like MyPtHub.

• For Marketing Purposes:

  • To send you promotional emails and newsletters (with your explicit consent).

  • To use social media (Facebook and Instagram) for promotional activities.

  • Please note: Testimonials (including stories of overcoming a problem and successful healing/strengthening) will only be shared for promotional purposes with your explicit and specific consent for that purpose. All other confidential coaching information is kept strictly confidential and never shared.

• To Build and Manage Community:

  • To facilitate community engagement within our private Facebook Group.

• To Comply with Legal Obligations:

  • To comply with applicable laws and regulations, including those related to contract retention and financial records.

• To Ensure Security:

  • To protect our platforms and services from fraud and security threats.

5. Legal Basis for Processing Your Personal Data (Article 6 GDPR/UK GDPR)

Our legal basis for processing your personal data will depend on the specific purpose:

• Contract: Processing is necessary for the performance of a contract with you (Art. 6(1)(b) GDPR/UK GDPR). This covers providing the coaching services, processing payments via Stripe, and managing agreements.

• Consent: We rely on your explicit consent (Art. 6(1)(a) and Article 9(2)(a) for sensitive health data) for:

  • Processing of special categories of personal data (health data) for program creation.

  • Direct electronic marketing.

• Legitimate Interests: Processing is necessary for our legitimate interests (Art. 6(1)(f) GDPR/UK GDPR), such as ensuring platform security, improving services, and managing our social media presence, provided your rights are protected.

• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR/UK GDPR). This includes compliance with requests from law enforcement or other public authorities.

6. Sharing Your Personal Data

We may share your personal data with the following categories of recipients who are contractually bound to protect your data or act as joint controllers:

• Coaches: Your personal data, including coaching information shared through Google Workspace and MyPtHub, will be shared with the coach providing your Services.

• Third-Party Service Providers (Processors): We use the following third-party service providers who process your personal data on our behalf:

  • Stripe: For secure payment processing. Please refer to Stripe's privacy policy.

  • Google Workspace (Docs, Sheets, Slides, Forms, Sites, Meet): For communication, document sharing, and form submissions.

  • MyPtHub: For delivering courses and managing progress.

  • Calendly: For scheduling coaching sessions.

  • Analytics Providers (e.g., Google Analytics): To analyze website usage.

  • These providers process your personal data on our instructions and are subject to contractual obligations to protect your data.

• Social Media Platforms (Facebook, Instagram - Meta Platforms Inc.): We share data with Meta when you interact with our pages, groups, or content. For our Facebook Group, we act as joint controllers with Meta.

• Law Enforcement and Other Public Authorities: We may disclose your personal data when legally compelled to do so by a court, law enforcement agency, or other public authority.

7. International Transfers of Your Personal Data

Your personal data may be transferred to and processed in countries outside of the UK and the European Economic Area (EEA) by some of our third-party service providers (e.g., Google, Stripe, Meta). We ensure appropriate safeguards are in place to protect your data in accordance with GDPR/UK GDPR, such as relying on Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.

8. Security of Your Personal Data (Article 32 GDPR/UK GDPR)

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include:

• Encryption: Using SSL/TLS encryption for data in transit.

• Access Controls: Restricting access to authorized personnel only, using strong passwords and multi-factor authentication.

• Physical Data Security: Any physical copies of customers' details will be securely shredded and disposed of according to legal requirements and best practices for confidential waste disposal.

• Secure Platforms: Utilizing reputable third-party services like Google Workspace, Stripe, and MyPtHub.

9. Data Retention (Article 5(1)(e) GDPR/UK GDPR)

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with our legal obligations.

• Payment Records & Contracts: Retained for a minimum of 6 years according to tax and accounting laws, with some legal documents kept for up to 15 years for legal defense.

• Coaching & Course Records (including sensitive data): Typically retained for 6 years after the completion of your coaching or course, accounting for potential legal claims and professional obligations.

After the retention period, your personal data will be securely deleted or anonymized.

10. Your Data Protection Rights Under GDPR and UK GDPR (Articles 12-23)

As a data subject, you have the right to be informed, the right of access, rectification, erasure ('right to be forgotten'), restriction of processing, data portability, and the right to object, among others.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month of receipt.

11. Cookie Policy

Our Google Site uses cookies and similar tracking technologies to enhance your browse experience and collect information about how you use our Site. We rely on your consent for the use of non-essential cookies. You can manage your cookie preferences through our cookie banner or your browser settings.

Regarding Google's use of cookies on our site: Google uses cookies and similar technologies for analytical purposes to understand how you interact with a particular service... It is detailed how they collect and use data with their cookies in their privacy policy: https://policies.google.com/privacy

12. Links to Other Websites and Third-Party Platforms

We encourage you to review the respective privacy policies of the third-party services we use:

• Stripe (Payment Processor): https://stripe.com/gb/privacy

• Google (for Workspace, Sites, Meet, Forms, etc.): https://policies.google.com/privacy

• MyPtHub: https://www.mypthub.net/legal/privacy-policy/

• Calendly: https://calendly.com/legal/privacy-notice

• Facebook (Meta Platforms Inc.): https://www.facebook.com/privacy/policy/

• Instagram (Meta Platforms Inc.): https://help.instagram.com/155833707900388

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page and update the "Last Updated" date at the top.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us through the link below. 

Thank you for trusting Eniko K Fitness with your personal data.