1.1Welcome to John Bruno Total Training. Anywhere "We", "Us" and "our" “John Bruno Total Training”, “JBTT”“the data controller”, “www.johnbrunototaltraining.com” is used in this document; it shall be referring to the company and our other third party agents.
1.3 Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR)
1.4 The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.
1.5 We regret if there is any part of this policy that you are not happy about, your only recourse is to stop using the website.
1.6 We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
1.8 Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
2.0 About The Company
2.1 John Bruno Total Training is a reliable fitness and health company Established in 1991.
2.2 The website is owned and managed by John Bruno Total Training, and we are registered in the United Kingdom.
2.3 You Can Contact Us:
3.0 Data Controller officer
3.1 The data controller responsible in respect of the information collected on this website is: John Bruno.
Our data protection declaration is legible and understandable for the general public, as well as our clients. To ensure this, we would like to begin by explaining the terminology used.
4.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. 2Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. The data subject here is “You”.
In the context of the law and this notice, “process” is any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, dissemination, storage, transfer, use or otherwise making available, alignment or combination, restriction, erasure or destruction.
4.4 Restriction of process
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
4.5 Data Controller or Controller responsible for the processing
This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of data subject’s personal data. The controller here is “John Bruno Total Training” or our “data controller agent”.
4.6 Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, data controller and persons who, under the direct authority of the controller or processor, are authorized to have access to your Personal Information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of the personal data relating to them.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s preferences, interests, reliability, behavior, location or movements etc
5.0 How We Use Your Personal Data
5.1 John Bruno Total Training collects a series of general data when you or any automated system calls up the website. In this Section 5 we have set out:
(a)the general categories of personal data that we may process;
(b)in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c)the purposes for which we may process personal data; and
(d)the legal bases of the processing.
5.2 We may process data about your use of our website and design services ("usage data"). This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use]. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of our Website and web design services. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
5.3 We may process your account data ("account data"). This may include your name and email address. The source of the account data shall be you and may be processed for the purposes of operating our website, providing our design services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests in the proper administration of our fitness and health services and the performance of a contract between you and Us and/or taking steps, at your request, to enter into such a contract.
5.4 We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, address, telephone number, email address, and gender. The profile data may be processed for the purposes of enabling and monitoring your use of our website and website design services. The legal basis for this processing is our legitimate interests, which is the proper administration of our website and designing services and the performance of a contract between you and us and/or taking steps, at you request, to enter into such a contract.
5.5 We may process your personal data that are provided in the course of the use of our services ("service data"). The source of the service data is you, and the service data may be processed for the purposes of operating our website, providing our web design and graphic design services, ensuring the security of our fitness and health services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, which is the proper administration of our website and design business.
5.6 We may process information contained in any enquiry you submit to us regarding our services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant fitness and health services to you.
5.7 We may process information relating to our customer relationships, including customer contact information ("customer relationship data"). The customer relationship data may include your name, your business name, your contact details, and information contained in communications between us and you or your agent. The source of the customer relationship data is you, and the data may be processed for the purposes of managing our relationships with you, communicating with you, keeping records of those communications and promoting our services to other clients. The legal basis for this processing is our legitimate interests, which include the proper management of our customer relationships.
5.8 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you pertinent notifications and/or newsletters.
5.9 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
5.10 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
5.11 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this process is our legal interests, namely the appropriate protection of our business against risks.
5.12 you may not provide any other person's personal data to us, except otherwise requested.
6.0 Disclosure of information
6.1 John Bruno Total Training may disclose your personal information to the extent permitted by law to our data controller agents insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
6.2 We may disclose your personal data to our insurers and/or professional advisers provided it is necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
6.3 Financial transactions relating to our fitness and health services are handled by our payment services providers, [State your PSP]. We will share transaction data with our payment services providers only to the extent permitted for the reasons of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can get information about our payment services providers' privacy policies and practices here: [insert PSP URL].
6.4 In addition to the specific disclosures of personal data set out in this Section 6, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
7.0 Payment Information
7.1 John Bruno Total Training will not store your debit or credit card details when you provide them to us during payment. The card details will be passed securely to our payment provider to facilitate the transaction and nothing else.
8.0 About This Website’s Server
8.1 This website is hosted by [Concept Studio Dedicated Server with UKFast.Net Ltd] within a secure UK based data centre.
8.2 All traffic (transfer of files) between this website and your browser is encrypted and delivered over HTTPS.
9.0 Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the EU GDPR policy.
10.0 Data Breaches
10.1 JBTT shall report any unlawful data breach of our website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen.
11.0 Routine removal and blocking of personal data
11.1 The data controller shall process and store your personal data only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or other legislators in laws or regulations to which we or our agent is subject to;
11.2 If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
12.0 Your Rights
12.1 Right of confirmation
You have the right granted by the European legislator to obtain from Us, the controller or our agent, the confirmation as to whether or not the personal data concerning you are being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer or another employee of the controller.
12.2 Right of access
12.2.1 You shall have the right granted by the European legislator to obtain from Us, the controller free information about your personal data stored at any time and a copy of this information. The European directives and regulations grant you access to the following information:
- the categories of personal data concerned;
- the purposes of the processing;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 15 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
12.2.2 You shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
12.2.3 If you wish to avail yourself of this right of access, you may at any time contact our Data Protection Officer or another employee of the controller.
12.3 Right To Rectification
The right to rectification is set out in Article 16 of the GDPR.
- You shall have the right granted by the European legislator to obtain from Us, the controller without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- If you wish to exercise this right to rectification, you may, at any time, contact our Data Protection Officer or another employee of the controller.
12.4 Right to Erasure
12.4.1 You have the right granted by the European legislator to request from Us or the Data controller officer the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed; and
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
12.4.2 If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by JBTT, you may at any time contact our Data Protection Officer or third party agent. The Data Protection Officer of JBTT or a third party controller shall promptly ensure that the erasure request is complied with immediately.
12.4.3 Where we have made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform our agents processing the personal data that you have requested erasure by such agents of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of JBTT or our data controller agent will arrange the necessary measures in individual cases.
12.5 Right to object to processing
12.5.1 You shall have the right granted by the European legislator to obtain from Us, the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling Us to verify the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request instead for the restriction of their use.
- We no longer needs the personal data for the purposes of the processing, but are required by you for the establishment, exercise or defense of legal claims.
- You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. This must be notified to data subjects under Articles 21(4), 13(2)(b) and 14(2)(c)
12.5.2 If one of the aforementioned conditions is met, and you wish to request the restriction of the processing of personal data stored by JBTT, you may at any time contact our Data Protection Officer. The Data Protection Officer for JBTT will arrange the restriction of the processing.
12.6 Right to data portability
12.6.1 You shall have the right granted by the European legislator, to receive the personal data concerning you, which was provided to Us, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 13(2)(b) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
12.6.2 In exercising your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
12.6.3 To assert the right to data portability, you may at any time contact Us or the Data Protection Officer designated by JBTT.
12.7 Right to object
12.7.1You shall have the right granted by the European legislator to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
12.7.2 JBTT shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
12.7.3 If JBTT processes your personal data for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to JBTT to the processing for direct marketing purposes, JBTT will no longer process the personal data for these purposes.
12.7.4 You have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by JBTT for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
12.8 Automated individual decision-making, plus profiling
12.8.1Y ou shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not:
- necessary for entering into, or the performance of, a contract between you and Us;
- authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- Based on the data subject’s explicit consent.
If the decision is:
- necessary for entering into, or the performance of, a contract between you and Us; or
- based on the data subject’s explicit consent,
12.8.2 JBTT shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your viewpoint and contest the decision.
12.8.3 If you wish to exercise the rights concerning automated individual decision-making, you may at any time directly contact JBTT or any of our Data Protection Agents.
12.9 Right to withdraw consent
12.9.1 You shall have the right granted by the European legislator to withdraw your consent to processing of your personal data at any time.
12.9.2 If you wish to exercise the right to withdraw the consent, you may at any time directly contact JBTT or our Data Controller Officer.
- Legal Basis For Data Processing
13.1 Art. 6(1) lit. (a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
13.2 If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for designing, the processing is based on Article 6(1) lit. (b) GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries about our website design and graphic design services.
13.3 If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing will be based on Art. 6(1) lit. (c) GDPR. In exceptional cases, the processing of personal data may be necessary to protect your vital interests.
13.4 Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator.
14.0 The legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our team members and our Data Control Officer.
15.0 Children’s Online Privacy Protection Act Compliance
15.1 JBTT do not collect any information from anyone under 18 years of age in compliance with COPPA (Children’s Online Privacy Protection Act), and our Website and its Content is directed to individuals who are at least 18 years old or older.
16.0 Statutory Retention Period
16.1 The criteria used to determine the period of storage of your personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
17.0 Cookies Policy
17.1 www.johnbrunototaltraining.com uses cookie technology in web sessions. A ‘cookie’ is a small file that a website transfers to your computer to allow it to remember specific information about your session while you are connected.
17.2 JBTT may use session cookies for technical purposes such as to enable better navigation through its site, or to allow users customize their preferences for interacting with its website.
17.4 You may adjust your cookies by changing your privacy and security settings in your browser. Each browser is different and you will need to refer to the instructions provided by your browser to learn more about changing your privacy and security settings.
18.0 Managing/Disabling cookies
18.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- Chrome - https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- Firefox - https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences;
- Opera - http://www.opera.com/help/tutorials/security/cookies/;
- Internet Explorer - https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari - https://support.apple.com/kb/PH21411
- Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
18.2 Blocking all cookies will have a negative impact upon the usability of many websites.
18.3 If you block cookies, you will not be able to use all the features on our website.
19.1 JBTT is committed to ensuring that your information is secure. To prevent unauthorized disclosure or access, JBTT have put in place suitable physical, electronic and administrative procedures to protect and secure the information we collect from you.
20.0 External links
21.0 Controlling your personal information
21.1 You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at
21.2 JBTT will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
21.3 You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to South Wales. UK.
21.4 If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
22.0 Policy Acceptance
22.1 You understand that they are not under any force to provide your personal information. Any personal information provided is with your full permission, and desire to provide such personal information. JBTT is not under any obligation to verify the source from which the personal information is provided, and are considered to be provided by the user, except they prove within a period of 15 days from the date of providing such information to JBTT contentment, that the information was provided without their free consent.
23.0 Privacy update
23.1 JBTT may change this policy from time to time by updating this page.
23.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
23.3 We may notify you of changes to this policy by email or through the private messaging system on our website.