Privacy Policy

Effective Date: 4 April 2026

1. Introduction

This Privacy Policy outlines how Rawi Fitness ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our website is hosted and managed by Wix.com Ltd., which provides secure website hosting, technical infrastructure, and limited analytics processing on our behalf. Wix acts as our data processor and may set essential and analytical cookies that help us operate and improve the site. These analy. Wix may also collect limited technical and analytical information to help us understand how the website is used and improve it

Rawi Fitness is the data controller for all personal information we collect directly from you, such as when you contact us, session booking information, or completed health forms.

At present, Rawi Fitness does not use any third-party analytics or marketing tools such as Google Analytics, Facebook Pixel, or similar technologies. However, we may introduce such tools in the future to help us understand how visitors use our website or to measure the effectiveness of our marketing. If we do so, we will ensure that:

we update this Privacy Policy and our Cookies Policy to explain how those tools collect and use information;
we obtain any necessary consent before placing non-essential cookies or tracking technologies on your device;
and any providers we engage will comply with UK data protection law.

2. What Information We Collect

We may collect and process the following types of personal data:

Identity Data: your name, date of birth and age where necessary for health screening, fitness assessments or to confirm that you are over 18
Contact Data: your email address, telephone number, postal address and billing address (where relevant).
Enquiry Data: the subject of your enquiry and any information you choose to include in messages, forms, emails, texts or other communications with us.
Health and Fitness Data: Physical health, fitness, goals, exercise experience, injuries, or limitations voluntarily provided by you.
Special Category Data: health, injury, medical and physical condition information that you voluntarily provide. We only process this information with your explicit consent or where otherwise permitted by law.
Transaction Data: Payment and purchase details.
Technical Data: IP address, browser type, and time zone (collected automatically by Wix analytics).
Marketing Data (if applicable): Preferences for receiving updates and promotions.

3. Sensitive Information

Please do not provide sensitive personal information unless it is necessary for your enquiry or the services you request. Sensitive personal information includes details about your health, medical conditions, injuries, disabilities or other special category data.

If you choose to provide information about your health, mobility, injuries, disabilities or age-related conditions, we will only use that information to assess whether our services are suitable for you, to tailor our services appropriately, and to respond to your enquiry. We will only process this information with your explicit consent or where otherwise permitted by law.

4. Children

Our services and website are not intended for children under the age of 18 without the involvement of a parent or guardian. We do not knowingly collect personal information from anyone under 18 without appropriate consent.

Where we become aware that a person may be under the age of 18, we will request consent from a parent, guardian, carer, attorney or other authorised representative before providing services or processing certain personal information.

We may also ask for additional consent where we need to process health, medical or other sensitive information in order to assess whether our services are suitable or can be provided safely.

5. Elderly, Disabled and Vulnerable Individuals

You may choose to provide information about your health, mobility, disabilities, medical conditions, injuries, age-related conditions or other circumstances relevant to your enquiry or use of our services. We will only use this information where necessary to understand and respond to your enquiry, assess whether our services are suitable, adapt our services to your needs, or help you participate safely in our services.

Where we become aware that a person may be vulnerable, lack capacity to make decisions, or require support, we may request consent from a parent, guardian, carer, attorney or other authorised representative before providing services or processing certain personal information.

We may also ask for additional consent where we need to process health, medical or other sensitive information in order to assess whether our services are suitable or can be provided safely.

Please only provide information that is necessary.

Where necessary to provide safe and appropriate services, we may collect information relating to:

mobility, physical limitations or disabilities;
injuries, medical conditions or age-related conditions;
accessibility requirements;
emergency contact details;
and any other information that you choose to provide which is relevant to your ability to participate safely in our services.

We only collect this information where it is necessary to assess whether our services are suitable, to adapt our services to your needs, or to respond to your enquiry.

Information about your health, disability, mobility or other vulnerabilities is treated as special category data under UK GDPR. We will only process this information with your explicit consent, or where otherwise permitted by law.

We ask that you only provide information that is necessary. We will keep this information secure and confidential and will only share it where necessary to deliver our services, protect your safety, comply with legal obligations, or where you have agreed that we may do so.

Where a client may require assistance in understanding this Privacy Policy or in making decisions about their information, we may communicate with a parent, guardian, carer, attorney or other authorised representative, but only where we have appropriate authority or consent to do so.

We will not make decisions based solely on automated processing in relation to elderly, disabled or vulnerable individuals.

6. How We Collect Information

We collect personal information through:

Forms you complete on our website or in-person (e.g., contact forms, bookings).
Forms you complete, such as PAR-Q (Physical Activity Readiness Questionnaire), food diaries, workout tracking, and profile information sheet.

Direct communications (e.g., emails, texts, messages, and consultations).

Purchases and transactions via our store, in-person, and/or banking Applications.

Use of cookies and similar tracking technologies.

We also automatically collect limited technical information (e.g., IP address, device type, and usage statistics) through Wix’s built-in analytics tools.

7. Why We Collect Your Data

We use your personal data to:

provide, manage and deliver safe and effective personal training services;
respond to your enquiries, messages, emails, texts and requests;
assess whether our services are suitable for you;
arrange consultations, appointments and other requested communications; maintain records of our communications and services provided;
maintain records of our communications and services provided;
process bookings, payments and purchases;
monitor health and fitness goals safely where relevant;
improve our website, services and customer experience;
send newsletters or marketing communications where you have given your consent; and
comply with our legal and regulatory obligations.

We will not use information contained in your enquiries, messages, emails or texts for marketing purposes unless you have separately agreed to receive marketing communications.

8. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

Consent – where you have given clear consent for us to process your personal data for a specific purpose, including sending marketing communications and processing health or fitness-related information.
Contract – where processing is necessary to provide the services you have requested, fulfil a contract with you, or process payments.
Legal Obligation – where we are required to process or retain information to comply with legal, tax, insurance or regulatory obligations.
Legitimate Interests – where processing is necessary for our legitimate interests in operating and improving our business, responding to enquiries, communicating with prospective and existing clients, maintaining records, and protecting our business, provided those interests are not overridden by your rights.

9. How We Store and Protect Your Data

We use Wix.com to host our website. As a result, your personal data may be transferred to and stored in countries outside the UK, including the United States, Ireland, South Korea, Taiwan, and Israel. Wix.com ensures that such transfers comply with UK data protection laws by implementing appropriate safeguards, such as Standard Contractual Clauses or relying on adequacy decisions where applicable.We use Wix.com to host our website. As a result, your personal data may be transferred to and stored in countries outside the UK, including the United States, Ireland, South Korea, Taiwan, and Israel. Where your personal data is transferred outside the UK, Wix.com states that it uses appropriate safeguards in accordance with UK GDPR. These safeguards may include adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms. For more information visit Wix's Privacy Policy at: Wix.com Privacy Policy.

Your data is securely stored on Wix.com servers, which meet international security standards. We implement appropriate technical and organisational measures to protect your information.

We also collect personal information including client profiles, client details, PAR-Q forms, and training records, training goals and objectives, which are securely stored on password-protected devices and encrypted software used solely for business purposes. These devices are regularly updated and protected with encryption and antivirus software to safeguard your information from unauthorised access, loss, or misuse.

10. Sharing Your Data

We do not sell or rent your personal data. We may share your personal data with trusted third parties who provide services on our behalf, including:

website hosting and website functionality providers, including Wix.com;
payment processors, including Wix Payments and Stripe;
software providers used to store client records, appointments or training information; and
legal, regulatory, insurance or law enforcement authorities where we are required to do so by law.

All third parties acting on our behalf are required to keep your information secure and only process it in accordance with our instructions and UK data protection law.

11. Your Rights Under UK GDPR

You have the right to:

access the personal data we hold about you;
request correction of inaccurate or incomplete personal data;
request erasure of your personal data where applicable;
request restriction of processing;
object to our processing of your personal data;
receive a copy of your personal data in a portable format;
withdraw your consent at any time where we rely on consent;
not be subject to a decision based solely on automated processing; and
make a complaint to the Information Commissioner's Office (ICO).

We respond to all valid requests within one month as required by law.

To exercise any of these rights, please contact us at: rory@rawifitness.info

You also have the right to make a complaint to the Information Commissioner's Office (ICO) : https://ico.org.uk/make-a-complaint/

12. Cookies and Tracking

Our website uses essential and analytical cookies set by Wix.com to ensure proper site functionality and to generate aggregated website statistics. Analytical cookies may collect limited technical information, such as your IP address, browser type, device type and pages visited. We use this information only in aggregated form to understand how visitors use our website and to improve it.. You can manage your cookie preferences through your browser or our cookie banner. At this time, we only use essential cookies and limited analytical cookies provided by Wix.com. Where required by law, we will ask for your consent before placing analytical cookies on your device. For more information, see our Cookie Policy.

13. Data Retention

We retain your personal data only as long as necessary for the purposes for which we collected it, including legal, accounting, or reporting requirements:

Transactional data is retained for 6 years to comply with tax and accounting obligations.
Where you have consented to receive marketing communications, we will keep your marketing preferences until you unsubscribe or withdraw your consent.

Health and fitness data is retained for 6 years after the last recorded activity, for longer if required for insurance, legal or safeguarding reasons and then securely deleted.
Contact form enquiries, messages and related correspondence are retained for up to 12 months after our last communication with you.

14. Third-Party Links

Our site may contain links to third-party websites. We are not responsible for the privacy practices of these websites.

15. Privacy Policy Updates

We may update this policy from time to time. We will notify you of any significant changes and post the updated version on this page.

16. Contact Us

If you have any questions about this Privacy Policy or how we use your personal data, please contact us:

By email at: rory@rawifitness.info
By address at: 74 Trem-Y-Castell, Bridgend, CF35 6GA

If you contact us regarding your data, we may ask you to verify your identity before responding.