Privacy Policy
Effective Date: December 29, 2025
This Privacy Policy ("Policy") describes how WPT Sports Performance Training ("Gym," "we," "us," or "our") collects, uses, discloses, shares, and protects your personal information. We are committed to safeguarding your privacy and handling your data responsibly, going beyond legal minimums by implementing enhanced protections such as regular third-party audits, advanced encryption standards, and proactive data minimization practices. This Policy applies to all interactions with our gym facilities, website, mobile applications, online services, membership sign-ups, class bookings, events, and any other services we provide (collectively, "Services").
By using our Services, you consent to the practices described in this Policy. If you do not agree, please do not use our Services.
1. Information We Collect
We collect information to provide, improve, and personalize our Services. Categories include:
Personal Identifiers: Full name, postal address, email address, phone number, date of birth, gender, and emergency contact details.
Payment and Financial Information: Credit/debit card details, bank account information, billing address, and transaction history (processed securely via third-party providers like Stripe or PayPal).
Health and Fitness Data: Information you voluntarily provide, such as medical history, fitness goals, injuries, dietary preferences, body measurements, or biometric data (e.g., from wearables, with explicit consent). We treat this as sensitive data and require separate opt-in consent.
Usage and Interaction Data: Check-in history, class attendance, equipment usage logs, website/app navigation, search queries, and feedback.
Device and Technical Data: IP address, browser type, operating system, device identifiers, geolocation (if enabled), cookies, web beacons, and analytics data.
Marketing and Communication Data: Preferences for newsletters, promotions, or surveys.
Audio/Visual Data: CCTV footage from gym premises for security (retained only as necessary and anonymized where possible).
Inferred Data: Derived insights, such as fitness progress trends, to enhance personalization (anonymized and aggregated where feasible).
We minimize collection to what's essential and avoid gathering unnecessary data.
2. How We Collect Information
Directly from You: Via membership forms, online registrations, surveys, class bookings, or in-person interactions.
Automatically: Through cookies, pixels, logs, or sensors in our facilities/apps (e.g., for check-ins).
From Third Parties: Payment processors, fitness app integrations (e.g., Apple Health, with your consent), marketing partners, or public sources.
From Children: We do not knowingly collect data from individuals under 13 (or 16 in some jurisdictions). If under 18, parental consent is required for membership.
3. How We Use Your Information
We use your information solely for legitimate purposes, with transparency and user control in mind:
To manage memberships, process payments, schedule classes, and provide access to facilities.
To personalize experiences, such as recommending classes or tracking progress.
To communicate: Sending confirmations, reminders, updates, newsletters (opt-out available), or emergency notifications.
To improve Services: Analyzing usage patterns, conducting research, or enhancing safety (e.g., overcrowding alerts).
For security and fraud prevention: Monitoring access, detecting anomalies, or complying with legal requests.
For marketing: With consent, promoting offers or events (you can withdraw consent anytime).
For legal compliance: Tax reporting, dispute resolution, or audits.
We do not use your data for automated decision-making that significantly affects you without human oversight or your consent.
4. Sharing and Disclosure of Information
We prioritize data privacy and share information only when necessary, under strict agreements:
Service Providers: Vendors for payment processing, IT support, analytics (e.g., Google Analytics), email services, or cloud storage (e.g., AWS), bound by data protection contracts.
Affiliates and Partners: For joint events or integrations, with your consent.
Legal Obligations: To comply with laws, subpoenas, or government requests; prevent harm; or enforce our rights.
Business Transfers: In mergers, acquisitions, or asset sales, with notice to you.
With Consent: For any other purpose you approve.
We never sell, rent, or trade your personal information. Aggregated, anonymized data may be shared for research or benchmarking.
5. Data Security and Retention
Security Measures: We employ industry-leading safeguards, including AES-256 encryption, firewalls, access controls, regular penetration testing, and employee training. Health data is stored in segregated, encrypted databases.
Incident Response: In case of a breach, we notify affected users within 72 hours (exceeding many legal timelines) and provide free credit monitoring if sensitive data is involved.
Retention: Data is kept only as long as needed (e.g., membership data for 7 years post-termination for tax purposes; CCTV for 30 days). We delete or anonymize data upon request or when no longer required.
6. International Data Transfers
If you're in the EU/UK, we ensure transfers outside the EEA comply with GDPR via Standard Contractual Clauses or adequacy decisions. For all users, we apply equivalent protections globally.
7. Your Rights and Choices
We empower you with robust control over your data, surpassing basic legal rights:
Access and Portability: Request a copy of your data in a machine-readable format.
Correction and Deletion: Update inaccuracies or request erasure ("right to be forgotten").
Objection and Restriction: Opt out of processing for marketing or object to legitimate interest-based uses.
Consent Withdrawal: Revoke consents without affecting prior processing.
Do Not Sell/Share: We don't sell data, but you can opt out of any sharing.
Automated Decisions: Appeal any automated outcomes.
Complaints: Lodge with us or supervisory authorities (e.g., ICO in UK, state AG in US).
Exercise rights by contacting andrew@wasatchpt.net or 435-610-9071. We respond within 30 days (often faster). No fees unless requests are excessive.
For cookies: Manage via browser settings or our consent banner. Opt out of targeted ads via tools like NAI or DAA.
8. Children's Privacy
We do not target children under 13. If we discover such data, we delete it immediately. For minors 13-18, we require verifiable parental consent and limit data use.
9. Changes to This Policy
We review this Policy annually. Updates are posted here with the new effective date and emailed to active members. Continued use constitutes acceptance. Material changes require affirmative consent.
10. Contact Us
For questions, rights requests, or concerns: andrew@wasatchpt.net, 435-610-9071, or 476 N Main Street, Heber City, UT 84032. Data Protection Officer: Andrew Ivie, andrew@wasatchpt.net.

