Bearwalden CrossFit Gym Saffron Walden Essex



You may have heard about the new General Data Protection Regulations (GDPR), that comes into effect on the 25th May 2018. To help comply with GDPR consent requirements, we would like to inform you all, how this affects you, and how your data is stored and used. In short, it doesn’t affect your day to day life one bit. (It has affected our bedtime reading though).
Bearwalden CrossFit respect your privacy and we never sell or share your data with third parties. The data you have provided us is stored in a secured location provided by Teamup and is only accessible by myself and Teamup. The data we have collected is only used for emergency contact details and to ensure the training we are programming is to your specific goals and your abilities. Under the GDPR you have a right to know what data is kept on our database and how it is stored/used, so if you have any concerns over this, then please do not hesitate to approach any of us and we will be more than happy to explain this new regulation to you further.
Bearwalden CrossFit uses three third parties for data processing to make your lives easier including TeamUp for class scheduling, GoCardless to take your membership fees and Mail Chimp to send you the very occasional email. Their Privacy Policies are listed below. We also use Facebook to keep in touch – You can control your own privacy settings through the app and we only use basic data, no more than is necessary, to keep on top of offering the best service for you.
If you have any suggestions or have any worries, please get in touch.
Furthermore you can unsubscribe at any time and have the right to be forgotten – Just ask!
Thanks for reading,
Coach Sam

Bearwalden CrossFit are committed to protecting and respecting your privacy providing complete transparency. We will never pass on any of your information to a third party unless it is specifically linked to the processing of your membership fees or signing up for classes.
This policy sets out the basis how any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data, and how we’ll treat it.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is Bearwalden CrossFit – Unit 2 Stanstead House, Saffron Walden, CB11 3AQ

Information we may collect from you

We may collect and use the following data about you:

  • Information that you provide by filling in forms on our website (“our site”). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • Details of transactions you carry out through our site and of the fulfilment of your membership.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

IP Addresses and Cookies

We may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our web team. This is data about our users’ browsing actions and patterns, and doesn’t identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that’s transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.


Performance cookies; Google Analytics etc.

  • These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Registration/Members login cookies

  • These cookies are used to track which visitors are signed in to the Members only area of the website so that these visitors do not have to enter their password for every Members only or admin page they visit – This relates in the main to your relationship with us via TeamUp and GoCardless.

Functionality cookies

  • These cookies are used to remember choices visitors have made including for example, remembering that a visitor has previously entered information in an online form.

Targeting/advertising cookies

  • These cookies are usually set by a third party in order to ensure a visitor gets shown a random, varied list of travel offers on each page they visit.

By using the site you are agreeing to the use of cookies as described.
You can refuse to accept cookies by activating the setting on your browser which allows you to do this. However, if you select this setting you may be unable to access certain parts of our site. Unless you’ve adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or Members. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of services. By submitting your personal data, you agree to this transfer, storing or processing. We’ll take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.
Unfortunately, the transmission of information via the internet isn’t completely secure. Although we’ll do our best to protect your personal data, we can’t guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we’ve received your information, we’ll use our reasonable endeavours to try to prevent unauthorised access.

Uses made of the information

We may use information held about you in the following ways:

  • To provide you with information, products or services that you request from us or which we feel may interest you, where you’ve consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

If you’re an existing customer, we’ll only contact you by electronic or paper means (email, SMS, facebook messenger etc.) with information about goods and services similar to those which were the subject of a previous sale to you. We will only contact you by email if you have given us express permission.
We do not permit third parties to use your data.
If you don’t want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data. Or contact us to unsubscribe at any time.

Disclosure of your information

We may disclose your personal information to third parties:

  • If Bearwalden CrossFit or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
  • If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of use and other agreements; or to protect the rights, property, or safety of Bearwalden CrossFit, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We’ll inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.
Our site may, from time to time, contain links to and from the websites of our Members, partner networks, advertisers and affiliates especially CrossFit. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Access to information

The Act gives you the right to access personal information held about you. Your right of access can be exercised in accordance with the Act. You can request access to your information at any time.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Updated 24 May 2018.

The responsibility we have to businesses and customers that use TeamUp is not one we take lightly. We have always made security, privacy, and transparency top priorities as we’ve built TeamUp over the past 6 years. On May 25th, the General Data Protection Regulation (GDPR) will come into effect across Europe and we’re excited to use this as an opportunity to review our data handling policies. Though TeamUp acts as a platform for fitness businesses to interact with their customers, we are responsible for all data passing through our system.
We will ensure the principles of the GDPR (transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and accountability — see below) are upheld throughout our product and company. What we’re doing As a company that handles the personal data of many European citizens, we are committed to fully complying with the GDPR.
Here are some of the steps we’re taking: Mapping how all data passes through our systemUpdating our Privacy Policy and Terms of Service to improve clarity around personal dataMaking changes to our product to ensure compliance with GDPR, including improved messaging around how personal data will be used and sharedTraining our staff about TeamUp’s data handling policies as well as the GDPR in generalYour responsibility as a business As a business using TeamUp, compliance with the GDPR is simplified but not eliminated.
You should educate yourself about the GDPR and ensure its principles are being followed in all aspects of your business. The European Commission has a great website to help small businesses understand and ensure compliance with the GDPR. For example, any data you collect directly from customers or download from TeamUp must comply with the GDPR. Here’s a quick run-through of what the principles mean:
Transparency — customers should clearly understand what their personal data will be used for and understand how to revoke consent
Purpose Limitation — personal data must only be used for what it was originally intended
Data Minimization — personal data should only be collected if absolutely necessary
Accuracy — personal data will be kept up to date as best as possible
Storage Limitation — personal data will only be stored for as long as necessary to satisfy the original purpose
Confidentiality — personal data will be protected against unauthorized access
Accountability — compliance with the GDPR can be demonstrated within your business
Looking forward In the months and years ahead we will continue to develop TeamUp with data privacy as one of our top priorities. We strive to always be improving our processes and product to protect and serve our customers. If you have any questions, concerns, or suggestions, please get in touch.

MailChimp has updated its Privacy Policy and Terms of Use, effective May 23, 2018. These changes were made primarily in preparation for the EU’s new data privacy law, the General Data Protection Regulation (GDPR). With these updates, MailChimp reaffirms its commitment to safeguarding the personal data of our members, contacts, and anyone who visits our websites. MailChimp has three core privacy principles: accountability through awareness, empowering individuals, and protecting and safeguarding information.
We embrace privacy by design, which means our teams actively design and build features with privacy considered alongside innovation and functionality. Here are some highlights of the changes we’ve made: We restructured our Privacy Policy to present three primary audience groups with the information that’s most relevant to each. These groups are members (like yourself), your contacts, and website visitors. This policy will also inform these groups on how they can exercise their rights under the GDPR and control the use of their personal information through our services.
If you, or your use of MailChimp, are subject to EU data protection law (including the GDPR), we’ve updated your obligations when using MailChimp to reflect the new requirements under the GDPR. We’ve reaffirmed MailChimp’s commitment to the responsible collection, use, transfer, disclosure, and management of your personal information.
We encourage you to take the time to review our revised Privacy Policy and Terms of Use. By continuing to use MailChimp on or after May 23, 2018, you acknowledge our updated Privacy Policy and agree to our updated Terms of Use. As our company grows and evolves, we’ll continue to focus on strengthening and improving our privacy practices and tools, for the benefit of our members, contacts, and website visitors.

Protecting our customers’ data is a priority for GoCardless. With the General Data Protection Regulation (GDPR) coming into effect in May, we welcome the opportunity to deepen our commitment in the area of data privacy. We are making changes to our policies, processes, products and systems to ensure that we comply with the Regulation and continue to put data protection first. We’re also committed to helping our customers meet their requirements under the Regulation. GDPR: A new data privacy landscape Advances in technology over the last decade have led to the proliferation of personal data.
More organisations are sharing and collecting different types of personal data than ever before: from IP addresses through to health data, purchasing behaviour, viewing preferences and more. From 25 May 2018, organisations who handle personal data will need to meet new legal requirements, as the General Data Protection Regulation comes into effect across the EU (replacing the 1995 EU Data Protection Directive). On the same day, the UK’s Data Protection Bill will pass into law, as the Data Protection Act 2018, effectively implementing the GDPR into UK law. GDPR, and the forthcoming Data Protection Act 2018, expand the privacy rights granted to data subjects (EU/EEA individuals) and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based. The Regulation and accompanying UK Act will standardise data protection laws across EU member countries (and post-Brexit UK), giving EU and UK citizens greater control over their personal data.
For example, making it easier to understand how your data is being used, and ensuring that the organisations you entrust with your data are taking care of it. What we’re doing to comply with GDPR As an organisation that handles personal data (e.g. name, bank account details, email and address of the end customers who pay our merchants), GoCardless is committed to ensuring that we are compliant with GDPR.
Some of the steps we have taken and are taking include: mapping all data handled by GoCardless and our suppliers analysing GDPR requirements against our current processes and policies making changes to our products and processes in line with requirements reviewing and updating contracts, as and where appropriate training all staff on the requirements of GDPR and GoCardless’ data privacy procedures. GoCardless Privacy Programme Organisations must ensure that they are compliant with the provisions of the GDPR when it comes into effect, but the requirement to be compliant doesn’t end on 25 May. While there are boxes that need ticking, GoCardless’ approach is not only to fix immediate issues, but to implement ‘privacy by design’. In 2017, we launched the GoCardless Privacy Programme, appointing privacy champions in every team across the business, to drive privacy compliance and embed the principles of GDPR (transparency, purpose limitation, data minimisation, accuracy, storage limitation, confidentiality and accountability) throughout the entire organisation, at every level.
With our Privacy Programme, we aim to ensure that data privacy is a day to day consideration across the business, for all our team members and central to how we work – from onboarding new employees to choosing new suppliers and launching new product features. To find out more about data protection at GoCardless, see our FAQs. GoCardless and GDPR