GDPR Compliance

Our Commitment to Data Protection

NeuroGlide Shield Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides specific information about how we comply with these regulations and your rights under data protection law.

Data Controller

NeuroGlide Shield Ltd is the data controller responsible for your personal data. Our contact details are:

NeuroGlide Shield Ltd
42 Kennington Lane
London SE11 4LS
United Kingdom
Email: [email protected]

What Personal Data We Collect

We collect and process the following categories of personal data:

Identity and Contact Data

• Full name
• Email address
• Postal address
• Date of birth (for clients)

Health and Fitness Data

• Medical history relevant to training
• Current injuries or physical limitations
• Fitness assessment results
• Training progress and performance data
• Body composition measurements

Financial Data

• Payment information and transaction records
• Billing address

Technical Data

• IP address
• Browser type and version
• Device information
• Website usage data

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The specific lawful bases we rely on are:

Contract Performance

We process your data to fulfil our contractual obligations when providing coaching services. This includes creating training programmes, conducting assessments, and communicating about your training.

Consent

For certain types of processing, particularly health data, we obtain your explicit consent. You can withdraw this consent at any time by contacting us.

Legitimate Interests

We may process data where necessary for our legitimate business interests, such as improving our services, maintaining records, and communicating with enquirers. We always balance these interests against your rights and freedoms.

Legal Obligation

We process certain data to comply with legal obligations, such as maintaining financial records for tax purposes.

Your GDPR Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you can ask us to correct or complete it.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected or if you withdraw consent.

Right to Restrict Processing

You can ask us to temporarily stop processing your data in certain situations, such as when you're contesting the accuracy of the data.

Right to Data Portability

You can request that we transfer your data to another service provider in a structured, commonly used format.

Right to Object

You can object to processing of your data when we're relying on legitimate interests as the legal basis. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected]
• Post: 42 Kennington Lane, London SE11 4LS, United Kingdom

When making a request, please provide sufficient information to help us identify you and understand your request. We may need to verify your identity before processing your request.

We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

Data Security Measures

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Regular staff training on data protection
• Incident response procedures
• Secure backup and recovery systems

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it
• Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
• Take immediate steps to contain and remedy the breach
• Document the breach and our response in accordance with GDPR requirements

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law:

• Client training records: 7 years after last session
• Financial records: 6 years (UK tax law requirement)
• Email correspondence: 3 years unless earlier deletion requested
• Website analytics: 2 years
• Marketing consent records: Retained until consent is withdrawn, then archived for compliance purposes

After retention periods expire, data is securely deleted or anonymised so that it can no longer identify you.

Third-Party Data Sharing

We only share your personal data with third parties where necessary and with appropriate safeguards:

Service Providers

We work with carefully selected service providers who process data on our behalf. All processors are bound by data processing agreements that require them to:

• Process data only according to our instructions
• Implement appropriate security measures
• Not use data for their own purposes
• Delete or return data when services end

Healthcare Professionals

With your explicit consent, we may share relevant information with your doctor, physiotherapist, or other healthcare providers to coordinate care.

Legal Requirements

We may disclose data where required by law, court order, or regulatory authority.

International Data Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the UK government
• Transfers to countries with adequacy decisions
• Other appropriate safeguards recognised under UK GDPR

Children's Data

We do not knowingly collect or process personal data from individuals under 16 without parental consent. For clients aged 16-18, we require parental or guardian consent before providing services and processing their data.

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our data processing practices or legal requirements. Significant changes will be communicated to existing clients directly. The updated version will always be available on our website with a revised date.

Complaints

If you believe we have not handled your personal data properly, please contact us first so we can investigate and resolve your concern.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Questions

If you have any questions about how we process your personal data or our GDPR compliance, please contact us at [email protected].