Privacy Policy

1. Introduction

Iron & Grace Fitness ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website your-domain.com and use our fitness services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

2.1 Personal Data

We may collect personal information that you voluntarily provide to us when you:

• Register for an account or membership
• Subscribe to our newsletter
• Book fitness classes or personal training sessions
• Purchase products or services
• Contact us via email, phone, or contact forms
• Participate in surveys or promotions

Personal data may include:

• Name and contact information (email address, phone number, mailing address)
• Account credentials (username, password)
• Billing and payment information
• Date of birth and age
• Health and fitness information (fitness goals, medical conditions, dietary preferences)
• Emergency contact information
• Profile photos and user-generated content

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

• IP address and device identifiers
• Browser type and version
• Operating system
• Referring URLs and pages viewed
• Date and time of visits
• Clickstream data and navigation patterns
• Location data (with your consent)

2.3 Health and Fitness Data

With your consent, we may collect sensitive health-related information necessary to provide personalized fitness services, including physical assessments, injury history, and fitness progress tracking.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain our fitness services and website
• Account Management: To create and manage your account, process memberships, and handle bookings
• Payment Processing: To process transactions and send billing information
• Communication: To send administrative information, class updates, and respond to inquiries
• Marketing: To send promotional materials, newsletters, and special offers (with your consent)
• Personalization: To customize your fitness experience and provide tailored recommendations
• Analytics: To analyze usage patterns and improve our website and services
• Safety: To ensure facility safety and member security
• Legal Compliance: To comply with legal obligations and enforce our terms
• Research: To conduct fitness program research and development (anonymized data)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your personal data for specific purposes
• Contract: Processing is necessary for performing our contract with you (membership, services)
• Legal Obligation: Processing is required to comply with legal or regulatory requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights do not override these interests

5. Cookies and Tracking Technologies

5.1 What Are Cookies

Cookies are small text files placed on your device to collect standard internet log information and visitor behavior. We use cookies and similar tracking technologies to enhance your browsing experience.

5.2 Types of Cookies We Use

• Essential Cookies: Required for the website to function properly (session management, security)
• Performance Cookies: Help us understand how visitors interact with our website (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your browsing across websites to deliver targeted advertising

5.3 Managing Cookies

You can control and manage cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website. To opt-out of interest-based advertising, visit www.aboutads.info/choices or www.youronlinechoices.eu.

6. Third-Party Services and Disclosure

6.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Payment processors (Stripe, PayPal)
• Email service providers (Mailchimp, SendGrid)
• Analytics services (Google Analytics, Facebook Pixel)
• Cloud hosting providers (AWS, Google Cloud)
• Customer relationship management (CRM) systems
• Scheduling and booking platforms
• Marketing and advertising partners

6.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure password hashing and authentication
• Regular security assessments and updates
• Access controls and employee training
• Secure backup and disaster recovery procedures
• Firewall protection and intrusion detection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

• Active Accounts: Data retained while your account is active and for a reasonable period thereafter
• Transaction Records: Financial records retained for 7 years for tax and legal compliance
• Marketing Data: Retained until you unsubscribe or request deletion
• Health Data: Retained according to healthcare regulations and consent periods
• Legal Requirements: Some data may be retained longer if required by law

After the retention period expires, we will securely delete or anonymize your personal data.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 GDPR Rights (EU/EEA Residents)

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 CCPA Rights (California Residents)

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising CCPA rights

9.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days (or as required by applicable law).

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. For minors aged 16-18, we may require parental consent before providing certain services.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place to protect your data, including:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Adequacy decisions by regulatory authorities
• Your explicit consent for the transfer

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of any material changes by:

• Posting the new privacy policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)
• Displaying a prominent notice on our website

We encourage you to review this privacy policy periodically to stay informed about how we protect your information.

14. Additional Information

14.1 Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activities tracked. Our website currently does not respond to Do Not Track signals.

14.2 Your California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us using the information provided above.

14.3 Accessibility

We are committed to making our privacy policy accessible to individuals with disabilities. If you need this information in an alternative format, please contact us.