Privacy Policy
Introduction
Kung Fit Kids ("we," "our," or "us") is committed to protecting the privacy and security of all members, staff, and visitors across every Kung Fit Kids location. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025 ("DUAA"). Kung Fit Kids is the data controller for personal data collected at any Kung Fit Kids location, including franchise-operated sites. This means one consistent privacy standard, one complaints process, and one set of retention rules apply everywhere, regardless of which location a member trains at.
Information We Collect
Personal Data You Provide
a) Personal Data Provided by You;
- Full name, date of birth, and contact details (email, phone, address).
- Emergency contact information.
- Medical, fitness, or health-related details relevant to participation in martial arts activities.
- Payment and transaction details when purchasing memberships or services.
b) Children's Data;
- Where a member is under 18, we collect the above data with the consent of a parent or legal guardian. Parents/guardians provide consent on the child's behalf at sign-up, and may withdraw or update that consent at any time by contacting us.
Automatically Collected Data (Website)
- IP address, browser type, operating system, and browsing behaviour on our website.
- Cookies and similar tracking technologies. Non-essential cookies (analytics, marketing) are only set with your consent, given via our cookie banner, and you can withdraw this at any time through your cookie settings.
Photography & Videography
Photos or videos captured during training and events, only with consent (from a parent/guardian where the subject is under 18). See our separate Photography & Videography Policy for detail.
How We Use Your Information
We use your personal information to:
- Managing memberships, class registrations, and training records.
- Processing payments and financial transactions securely.
- Ensuring participant safety and maintaining emergency contact and medical records.
- Communicating important updates, class changes, and events.
- Sending marketing communications, where you have consented.
- Website improvement and analytics.
- Complying with legal, safeguarding, and financial reporting obligations.
Legal Basis for Processing
For most personal data, we rely on:
- Contractual necessity – to provide training, process payments, and manage memberships.
- Consent – for marketing communications and photography/video use.
- Legitimate interests – for club operations, safety, and business improvement.
- Legal obligations – compliance with child safeguarding, accounting, and data protection law.
- Medical, health, and fitness-related information is special category data under Article 9 UK GDPR. Where we hold this data, we rely on your (or your parent/guardian's) explicit consent, given separately from general membership consent, or on the condition that processing is necessary for reasons of substantial public interest (safeguarding of children and vulnerable individuals).
Data Sharing & Disclosure
We do not sell personal data. We may share it with:
- Service providers – payment processors, IT and cloud service providers, and (where used with your consent) marketing platforms. Each provider is bound by a data processing agreement.
- Legal or regulatory authorities – where required by law or in connection with safeguarding concerns.
- Emergency contacts and medical services – in the event of injury or medical emergency.
- Some of our service providers process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, UK-approved Standard Contractual Clauses, or a UK adequacy decision covering that country.
Data Retention
We keep personal data only as long as necessary for the purposes set out in this policy: - Active members: for the duration of membership, plus the periods below. - Membership, medical, and emergency contact records: retained for 2 years after a member becomes inactive, then securely deleted. - Financial and payment records: retained for 6 years, in line with HMRC requirements. - Photography/video: retained for [24 months] unless needed for a safeguarding matter. - Website analytics data: retained for [26 months] in line with standard analytics defaults.
Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or misuse, including access controls, staff training on data handling, and secure storage of physical and digital records.
Your Rights
Under UK GDPR, you have the right to:
- Request access to your personal data.
- Request correction of inaccurate information.
- Request erasure of your data, in certain circumstances.
- Request restriction of processing.
- Object to processing based on legitimate interests or for direct marketing.
- Request a copy of your data in a portable format.
- Withdraw consent for marketing or photography/video use at any time.
- Complain to us directly about how we've handled your personal data (see Section 9).
- Complain to the Information Commissioner's Office (ICO) at any time (see Section 9).
To exercise any of these rights, contact us at hello@kungfitkids.com
9. How to Complain
If you're unhappy with how we've handled your personal data, you can complain to us directly using our online complaints form here or by emailing hello@kungfitkids.com with "Data Protection Complaint" in the subject line.
We will acknowledge your complaint within 30 days of receipt and provide a full response without undue delay. We will keep you informed of progress if the matter takes longer to resolve.
You also have the right to complain directly to the Information Commissioner's Office (ICO) at any time, whether or not you've raised the matter with us first:
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. International Data Transfers
Some of the tools we use to run Kung Fit kids (including cloud email, accounting, and website hosting providers) may store or process data outside the UK. Where this occurs, we ensure the transfer is protected by an appropriate legal safeguard, such as the UK International Data Transfer Agreement or Standard Contractual Clauses, or that the destination country holds a UK adequacy decision.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on members, staff, or visitors.
12. Data Protection Lead
Janna Howard is responsible for data protection matters at Kung Fit Kids, including overseeing this policy, handling complaints under Section 9, and managing our relationships with data processors.
13. Policy Updates
We may update this policy from time to time. Significant changes will be communicated by email or a notice on our website. This policy was last reviewed to reflect the Data (Use and Access) Act 2025.
14. Contact Information
For any questions about this Privacy Policy or how your data is handled, please email us.
Contact Us
For any privacy-related queries, please contact us at hello@kungfitkids.com or call 07904 265090.