Data Protection Policy Statement
CrossFit Hawk Eye is strongly committed to the security and protection of members’ personal information and we do our utmost at all times to ensure privacy. We take the security and privacy of our customers very seriously. We strive to conform with the UK and European Data Protection laws. We do not share any information with third parties, nor do we collect or retain any information other than that necessary for us to provide our services to you.
We use members’ personal information only as necessary for us to provide our services to you. We do not share any information with unrelated third parties, nor do we collect or retain any information other than that required for the provision of our products or services. Information collected during the online registration process is stored securely. Information collected will be securely destroyed if it is no longer required by CrossFit Hawk Eye. Members may request details of the personal information we hold about them under the Data Protection Act/forthcoming General Data Protection Regulation. A small fee will be payable. Copies of the information can be obtained by writing to us at [email protected]. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. We request that all members check their details for accuracy annually and make any necessary changes. This includes redoing our waiver if any information has been changed on MindBody. We will email reminders for this. Please note that, in order to receive emails from us, you need to ‘opt in’ and complete an email verification to show your consent, so that we comply with legal requirements. We require this to allow us to communicate with members effectively.
Where we engage third party contractors (e.g. coaches, presenters) to perform services for us, those third party contractors may be required to handle your personal information. Under these circumstances, those third party contractors must safeguard this information and must only use it for the purposes for which it was supplied, although we are not responsible for ensuring this. Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
CrossFit Hawk Eye makes use of third party software to manage bookings and membership, provided by MindBody. MindBody has their own privacy and data security policy with regard to client information. You can access this information on their website.
Personal information collected by CrossFit Hawk Eye and our website www.crossfit-hawkeye.com is stored in secure operating environments that are not available to the public. We will protect your personal information no matter where we process or store your data.
Changes to our Policy: From time to time, it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time and should this occur, the amendment will be posted on our website and will be effective immediately.
The Company Directors have shared this policy with all staff members so everyone is aware of our requirements under the Data Protection Act/forthcoming General Data Protection Regulation and other relevant legislation. All staff have been made aware of how to handle personal data, in this case, not to share it with anyone at any time unless required to by law, and that it is a criminal offence to do so.
There are various contacts available on CrossFit Hawk Eye’s website, any of which can be used as an access point to information and complaints.
Our business Terms and Conditions, which outline how we use personal information, are available on our website. This is freely available information so anyone visiting our website can access it.
Any requests for personal information go straight to the Company Secretary for action.
We annually request that members update their information. Any former members who have left and have no chance of returning are deactivated on MindBody’s system. This third party, external system is only accessible by staff using specific details and is not freely available.
We perform compliance checks with Paysafe annually to ensure we are PCI DSS compliant for our use of MindBody POS and for card payments. As part of this we annually ensure staff, where relevant, complete the Paysafe training modules for Managers in the PCI Manager portal, and have tailored their template Security Policy for our business. In line with the requirements of this review:
- New network devices (that access POS) are configured by changing all default passwords, installing anti-virus software (usually McAfee) and activating the firewall. McAfee tests daily for anomalies.
- WiFi password changed from default
- Only necessary software installed
- Security patches checked weekly automatically
- Any suspicious behaviour on system monitored and reported as necessary
- PANFinder being trialled for added security
CLUB DATA PROTECTION OFFICER: Andrew Carigiet