Privacy Policy
How we collect, use and protect your personal information.
Last updated: 28 March 2026
CrossFit Bodmin ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly. This privacy policy explains what data we collect, how we use it and your rights under UK data protection law, specifically the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
CrossFit Bodmin is a functional fitness gym based at Unit 2, Callywith Court, Launceston Road, Bodmin, Cornwall, PL31 2RQ. We are the data controller for the personal information described in this policy.
For any data protection queries, please contact us at: info@crossfitbodmin.com
2. What Data We Collect
We may collect the following personal information when you enquire about or use our services:
- Identity data: first name, last name
- Contact data: phone number, email address
- Social media data: Instagram username, Facebook name and profile information (when you message us via these platforms or interact with our adverts)
- Communication data: message history across WhatsApp, SMS, Instagram DMs, Facebook Messenger and email
- Enquiry data: responses to our application form (fitness goals, experience level, motivation and commitment)
We do not collect special category data (such as health conditions) unless you voluntarily share it with us during conversations about your fitness goals.
3. How We Collect Your Data
We collect personal data when you:
- Fill out our online application form at join.crossfitbodmin.com
- Submit a contact or booking form on our website
- Contact us via WhatsApp, SMS, email, Instagram DMs or Facebook Messenger
- Interact with our social media posts, adverts or pages on Instagram and Facebook
- Speak with us by phone or in person and provide your details
4. How We Use Your Data
We use your personal data for the following purposes:
- To respond to your enquiry about membership or our services
- To contact you about booking a consultation, class or appointment
- To send follow-up messages if you have expressed interest in joining
- To manage your membership and provide our services
- To run advertising campaigns to reach potential members
- To improve our services and communication
5. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
- Legitimate interest: responding to enquiries, managing conversations, sending follow-up messages about your enquiry, and running our business. We have assessed that our interests do not override your rights and freedoms. You can request details of this assessment by contacting us.
- Consent: where you voluntarily submit your information through our forms or opt in to receive marketing communications via Meta advertising. You can withdraw consent at any time.
- Performance of a contract: where processing is necessary to manage your membership or provide services you have signed up for.
6. AI-Assisted Communication
We use AI-assisted tools to help manage conversations and respond to enquiries. This means some of our initial responses may be generated or suggested by AI technology (powered by Anthropic). A human team member oversees all communications and can take over any conversation at any time. Your message content is processed securely by the AI to generate a response and is not used to train third-party AI models.
7. Who We Share Your Data With
We do not sell your personal data to anyone. We may share your data with the following service providers who help us operate our business:
- Twilio (US): for sending and receiving WhatsApp and SMS messages. Data shared: phone number, message content.
- Meta Platforms (US/EU): for Instagram and Facebook Messenger communication, and advertising. Data shared: social media profile information, message content.
- Anthropic (US): for AI-assisted message processing to help us respond to enquiries. Data shared: message content and enquiry details (personal identifiers such as phone numbers and emails are not sent to the AI model).
- Google (US): for calendar and email services. Data shared: name, email address, appointment details.
All service providers are bound by their own privacy policies and data processing agreements. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent protections recognised by the UK Information Commissioner's Office (ICO).
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described above:
- Active enquiries: retained for up to 12 months after your last interaction. If you do not become a member, your data is deleted after this period.
- Marketing leads: if you came through an advert but did not engage further, your data is deleted within 6 months.
- Members: retained for the duration of your membership and up to 24 months after it ends, for administrative purposes.
- Communication records: retained for up to 24 months after your last message.
You can request deletion of your data at any time (see section 10 or visit our data deletion page).
9. Cookies and Tracking
Our website does not use tracking cookies, advertising cookies or analytics cookies. We only use cookies that are strictly necessary for the website to function. No third-party tracking is present on our website. If we introduce any cookies in the future, we will update this policy and obtain your consent where required.
10. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your personal data (see our data deletion page for details)
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: request your data in a structured, machine-readable format
- Right to object: object to our processing of your data where we rely on legitimate interest
- Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please email us at info@crossfitbodmin.com. We will respond within 30 days.
11. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS) across all services
- Secure server hosting with access controls
- Database encryption and restricted access to personal data
- Regular review of our data handling practices
12. Children's Data
Our services are not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
13. Complaints
If you are unhappy with how we have handled your data, please contact us first at info@crossfitbodmin.com so we can resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
14. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.