Privacy Policy
1. Who We Are
1.1 DT Health and Fitness Solutions Ltd (company number 15769337), trading as DT Fitness London, is the data controller for the personal data described in this policy. Registered office: Flat 15, Oban House, Oban Street, London, E14 0JB. Contact: info@dushyantatomar.com.
1.2 This policy applies whenever you visit our website, enquire about or purchase services or products, complete any form, create an account, communicate with us, or receive any service or product from us.
1.3 We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1.4 We will register with the Information Commissioner's Office (ICO) when required to do so under the Data Protection (Charges and Information) Regulations 2018.
2. What We Collect
Identity and contact data: Full name, date of birth, email address, phone number, address details.
Account data: Email (username), encrypted password.
Transaction and service data: Services or products purchased, session records, programme details, payment amounts and dates. We do not store full payment card details - these are processed by Shopify Payments.
Health and medical data (special category data) collected through our Physical Activity Readiness Questionnaire (PARQ) and during services:
- History of diagnosed heart conditions, chest pain, dizziness, or balance problems
- History of joint, muscle, bone, or musculoskeletal conditions
- Whether a doctor has advised against exercise
- Current medications including for blood pressure, heart conditions, or chronic illness
- Other disclosed health conditions (such as asthma, diabetes)
- Pregnancy status or recent childbirth (within 12 months)
- Height, weight, body composition data, and fitness goals
- Any other health information voluntarily disclosed during coaching
Technical and usage data: IP address, browser and device type, pages visited, time on site, referring website, cookie identifiers.
Communication data: Contact form messages, email, WhatsApp, and phone correspondence.
Marketing data: Email opt-in consent records and preferences (Mailerlite - planned, not yet active).
3. How We Collect Your Data
Directly from you through forms, communications, and service delivery. Automatically via cookies and tracking technologies. From third-party platforms including Shopify, Typeform, Calendly, and our analytics and advertising providers.
4. Why We Process Your Data - Lawful Bases
Ordinary personal data (UK GDPR Article 6):
| Purpose | Lawful basis |
|---|---|
| Providing services | Contract (6(1)(b)) |
| Processing payments | Contract (6(1)(b)) |
| Generating and delivering diet plans | Contract (6(1)(b)) |
| Responding to enquiries | Legitimate interests (6(1)(f)) |
| Service-related communications | Contract (6(1)(b)) |
| Fraud prevention and security | Legitimate interests (6(1)(f)) |
| Website analytics | Legitimate interests (6(1)(f)) |
| Marketing emails | Consent (6(1)(a)) - opt-in only |
| Advertising cookies and remarketing | Consent (6(1)(a)) - cookie consent only |
| Legal and regulatory compliance | Legal obligation (6(1)(c)) |
| Defence of legal claims, insurance, audit | Legitimate interests (6(1)(f)) |
Health and medical data (UK GDPR Article 9):
We process your health data on the basis of: Explicit consent (Article 9(2)(a)) - given when you complete and submit the PARQ form; and Legal claims (Article 9(2)(f)) - for the establishment, exercise, or defence of legal claims and insurance matters.
You may withdraw Article 9 consent at any time by contacting info@dushyantatomar.com. Withdrawal may mean we can no longer provide services safely. It does not affect processing that occurred before withdrawal.
5. Who We Share Your Data With
We do not sell your personal data. We share only with:
| Recipient | Purpose | Location |
|---|---|---|
| Shopify Inc. | E-commerce platform, accounts, analytics | Canada / USA |
| Shopify Payments (Stripe) | Payment processing | USA / EU |
| Typeform S.L. | PARQ form (including health data) | Spain / USA |
| Calendly LLC | Booking and scheduling | USA |
| Google LLC | Analytics (GA4), advertising | USA |
| Meta Platforms Inc. | Facebook Pixel, conversion tracking | USA |
| hCaptcha (Intuition Machines Inc.) | Bot and spam protection | USA |
| Loox | Customer review display | Israel / USA |
| Mailerlite (planned - not yet active) | Email marketing | Lithuania (EU) |
We may also disclose data to law enforcement, regulatory bodies, or courts where required by law.
6. International Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place including UK adequacy regulations, UK IDTAs, or UK Addenda to EU Standard Contractual Clauses. You may request details of specific transfer mechanisms by emailing info@dushyantatomar.com.
7. Data Retention
| Category | Retention | Reason |
|---|---|---|
| Health data - active clients | Duration of client relationship | Safe service delivery |
| Health data - archived (PARQ, session records) | 7 years from last service | Professional indemnity, insurance, legal defence |
| Transaction and financial records | 7 years from transaction | HMRC - Taxes Management Act 1970 |
| Programme, coaching, and nutrition records | 7 years from last service | Insurance and legal defence |
| Enquiries (no service purchased) | 2 years from last contact | Follow-up response period |
| Marketing consent records | Until withdrawn + 3 years | Lawful basis evidence |
| Account data (no transaction) | 2 years from last login | |
| Account data (with transaction) | 7 years from last transaction | |
Records subject to a live complaint, claim, or legal hold will be retained until full resolution. After the retention period, data will be securely deleted or irreversibly anonymised.
8. Your Rights
Under UK GDPR you have rights of: access; rectification; erasure; restriction of processing; data portability; objection to processing based on legitimate interests; withdrawal of consent; and not to be subject to solely automated decision-making with significant effects.
Contact info@dushyantatomar.com to exercise any right. We will respond within one calendar month. Proof of identity may be required.
If you are unhappy with our response, you may complain to the ICO: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF | 0303 123 1113 | ico.org.uk/make-a-complaint/
9. Children
Our services and products are for persons aged 18 and over. We do not knowingly collect data from under-18s without written parental consent.
10. Security
We implement appropriate technical and organisational security measures. No internet transmission is completely secure and we cannot guarantee absolute security. We will notify you and the ICO of any breach likely to result in a high risk to your rights and freedoms, as required by UK GDPR.
11. Changes
We may update this policy at any time. Material changes will be notified by email or prominent notice. Continued use of our services after notification constitutes acceptance of the updated policy.
12. Contact
Flat 15, Oban House, Oban Street, London, E14 0JB
info@dushyantatomar.com · +44 7754 274859 · Company no. 15769337