top of page

BFIT Privacy Policy

Effective date: April 2026

Last updated: April 2026

 

1. About B FIT

This Privacy Policy explains how B FIT ("B FIT", "we", "us" and "our") collects, uses, stores and protects personal data when you visit bfit.co.uk, purchase products or services from us, subscribe to our emails, complete forms, or otherwise interact with us.

B FIT is the data controller for the personal data covered by this Privacy Policy.

Controller details
Business name: B FIT
Website: bfit.co.uk
Email: rachel@bfit.co.uk

If you have questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

 

2. Scope

This Privacy Policy applies to personal data we collect through:

  • our website;

  • contact forms, waitlists, enquiries and consultations;

  • newsletter sign-up forms and other email marketing forms;

  • purchases of digital products, memberships, programmes or coaching;

  • client onboarding questionnaires;

  • social media direct messages where these are used to discuss our services; and

  • any other direct interaction you have with B FIT.

 

3. The personal data we collect

We may collect the following categories of personal data, depending on how you use our website and services:

 

Identity and contact data

  • first name and last name;

  • email address;

  • telephone number;

  • billing address and country.

 

Account and profile data

  • login details where an account area exists;

  • programme preferences;

  • subscription status;

  • questionnaire responses;

  • survey responses and feedback.

 

Transaction data

  • details of products and services purchased;

  • order history;

  • payment status;

  • limited billing and transaction records.

 

We do not store full payment card numbers. Payments are processed by our third-party payment providers.

 

Technical and usage data

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • time zone setting;

  • referral source;

  • pages viewed;

  • time spent on pages;

  • clicks and interactions on the website; and

  • cookie and similar technology data.

 

Marketing and communications data

  • your preferences in receiving marketing from us;

  • records of whether you open or click our emails;

  • preferences you submit through forms or quizzes;

  • communications you send to us.

 

Health and wellness data
Because B FIT offers fitness, wellbeing, nutrition and lifestyle content, we may ask you to provide information relating to:

  • fitness goals;

  • activity levels;

  • lifestyle habits;

  • food preferences;

  • injuries or physical limitations;

  • pregnancy or postpartum status; and

  • other wellbeing information you choose to share with us.

 

Where this information amounts to health data or other special category data, we will only process it where we have both:

  • a lawful basis under Article 6 UK GDPR; and

  • an additional condition under Article 9 UK GDPR, which will usually be your explicit consent.

You should only provide health-related information that is reasonably necessary for us to tailor your experience or provide the service you have requested.

4. How we collect personal data

We collect personal data:

  • directly from you when you complete forms, buy from us, join a mailing list, apply for a service, or contact us;

  • automatically through cookies and similar technologies when you use our website;

  • from payment providers and website platforms in connection with transactions;

  • from email and analytics platforms that record your engagement with emails and pages; and

  • in some cases, from social media platforms when you interact with us there.

 

5. How we use your personal data

We use personal data for the following purposes:

  • to provide our website and its features;

  • to set up and manage your account;

  • to deliver programmes, coaching, digital products and other services;

  • to personalise content, recommendations and programme materials;

  • to process payments and keep accounting records;

  • to respond to your messages, enquiries and support requests;

  • to send service-related emails, including order confirmations and updates;

  • to send newsletters and marketing communications where permitted;

  • to understand how visitors use our website and improve performance;

  • to keep our website secure and prevent fraud or misuse;

  • to comply with legal, tax, accounting and regulatory obligations; and

  • to establish, exercise or defend legal claims if necessary.

 

6. Our lawful bases for processing

Depending on the context, we rely on one or more of the following lawful bases:

Contract
Where processing is necessary to take steps at your request before entering into a contract or to perform a contract with you. For example, delivering a paid programme or digital product.

Consent
Where you have given clear consent for us to process your data for a specific purpose. For example:

  • sending marketing emails where consent is required;

  • using certain non-essential cookies or similar technologies where consent is required; and

  • processing health-related or special category data using explicit consent.

 

Legitimate interests
Where processing is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. For example:

  • improving our website and services;

  • analysing website use;

  • protecting our business from fraud, abuse and security threats;

  • responding to business enquiries; and

  • conducting proportionate direct marketing to existing customers where allowed by law.

 

Legal obligation
Where we need to process data to comply with a legal obligation, for example for tax, accounting or consumer law compliance.

 

7. Special category data

If you provide health-related or other special category data, we will process it only when we have an appropriate Article 9 condition. In most cases, this will be your explicit consent. You may withdraw your consent at any time, but this will not affect processing already carried out before withdrawal.

If you withdraw consent, we may not be able to continue providing a tailored service that relies on that information.

 

8. Marketing

We may send you marketing by email where:

  • you have opted in; or

  • we can rely on another lawful route permitted under the Privacy and Electronic Communications Regulations (PECR), such as the soft opt-in where applicable.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in the email or by contacting us.

We will still send essential service communications where needed, such as order confirmations, updates to purchased services, and important account messages.

 

9. Cookies and similar technologies

We use cookies and similar technologies on our website for essential, analytics, functionality and marketing purposes.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. Essential cookies that are strictly necessary for the website or service requested by you may be used without consent.

For more detail, please see our Cookie Policy below.

 

10. Sharing your personal data

We do not sell your personal data.

We may share personal data with carefully selected service providers and professional advisers where necessary for the purposes described in this Privacy Policy, including:

  • website hosting and website platform providers;

  • payment processors;

  • email marketing providers;

  • analytics and advertising partners;

  • customer relationship management systems;

  • scheduling, form or survey tools;

  • cloud storage and business software providers;

  • accountants, lawyers, insurers and other advisers; and

  • regulators, courts, law enforcement or government authorities where required.

Where third parties process personal data on our behalf, we require them to process it only on our instructions, keep it secure, and comply with applicable data protection law.

 

11. International transfers

Some of our service providers may store or process personal data outside the UK.

Where we transfer personal data internationally, we will take steps to ensure that appropriate safeguards are in place, such as:

  • an adequacy regulation for the destination country; or

  • approved transfer mechanisms such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful safeguards.

 

12. How long we keep your data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for legal, accounting, tax, contractual and reporting requirements.

Typical retention periods may include:

  • enquiry data: up to 24 months after the last meaningful contact;

  • client and customer records: up to 6 years after the end of the relationship, where needed for legal, tax or accounting reasons;

  • transaction records: up to 6 years;

  • marketing records: until you unsubscribe or we decide the consent or relationship is no longer current;

  • cookie consent records: as needed to demonstrate compliance; and

  • health questionnaire data: only for as long as required to provide the relevant service and manage legal risk, then securely deleted or anonymised where appropriate.

We may keep data for longer if required by law or if needed to establish, exercise or defend legal claims.

 

13. Your data protection rights

Subject to applicable law, you have the right to:

  • request access to your personal data;

  • request correction of inaccurate or incomplete personal data;

  • request erasure of your personal data;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • ask us to transfer certain data to you or another provider;

  • withdraw consent at any time where we rely on consent; and

  • complain to the UK Information Commissioner's Office (ICO).

To exercise any of your rights, please email hello@bfit.co.uk.

 

14. Complaints

We aim to deal with privacy concerns fairly and promptly. If you have a complaint about how we use your personal data, please contact us first so that we can try to resolve it.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

 

15. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures may include access controls, password protection, restricted access, supplier due diligence, secure hosting and other security safeguards appropriate to the nature of the data.

No online service can ever be guaranteed to be completely secure, but we take data security seriously and review our safeguards regularly.

 

16. Third-party links

Our website may contain links to third-party websites, plug-ins or platforms. If you follow a link to any third-party site, please note that those sites have their own privacy notices and practices. We are not responsible for those third-party practices.

 

17. Children's privacy

B FIT is not directed to children. We do not knowingly collect personal data from children under 13 through an online service without appropriate consent where required by law.

If you believe a child has provided personal data to us inappropriately, please contact us and we will take reasonable steps to investigate and, where appropriate, delete the data.

 

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations or data practices. We will post the updated version on this page and update the "Last updated" date above.

 

19. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact:

B FIT
Email: rachel@bfit.co.uk
Website: bfit.co.uk

bottom of page