Thrive at the Farm — Privacy Policy

Last updated: 29.06.26

This privacy policy explains how Thrive at the Farm ("Thrive at the Farm", "we", "us" or "our") collects, uses, stores and protects your personal information when you visit our website (thriveatthefarm.co.uk), use our gym and studio at Wrea Green, Preston, book or attend classes and personal training sessions, take out a membership, sign up to our newsletter, or otherwise interact with us.

We are committed to protecting your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this policy or how we use your data, please contact us using the details in Section 12.

1. Who we are

Thrive at the Farm is a fitness and wellness studio based at Wrea Green, Preston, PR4 2PA, offering Pilates, strength training, Hyrox-style conditioning, wellness sessions, small group personal training and related classes.

For the purposes of data protection law, the data controller is Thrive at the Farm, operated by Blackburns Farm Nurseries Ltd, of Blackburns Farm, Ribby Road, Wrea Green, Preston, PR4 2PA.

2. Information we collect

The personal information we collect depends on how you interact with us. This may include:

a) Information you give us directly

  • Contact details, such as your name, email address, postal address and telephone number

  • Date of birth and emergency contact details

  • Membership and booking information, including class bookings, attendance and the services or passes you purchase

  • Health and fitness information you choose to share with us, such as health questionnaires, fitness goals, injuries or medical conditions relevant to your training (this is "special category data" under UK GDPR – see Section 4)

  • Payment and billing information, processed via our booking and payment platform (see Section 6)

  • Communications you send us, for example by email, our contact form or social media

  • Newsletter sign-up details (first name, last name and email address)

b) Information we collect automatically

  • Technical information about your device and visit to our website, such as IP address, browser type, pages viewed and referral source

  • Cookies and similar tracking technologies, including the Meta (Facebook) Pixel, used to understand website usage and measure the effectiveness of our advertising – see Section 7

c) Information from third parties

  • Booking, membership and payment details passed to us by our booking platform provider when you sign up for a membership, pass or class

  • Information from social media platforms (such as Instagram or Facebook) if you interact with our pages or adverts

3. How we use your information

We use your personal information for the following purposes:

  • To set up and manage your membership, bookings and class attendance

  • To process payments and manage billing, invoicing and refunds

  • To deliver our classes and personal training safely, including taking account of any health information you provide

  • To communicate with you about your membership, bookings, classes, or changes to our services

  • To send you marketing communications and our newsletter, where you have consented to receive these

  • To respond to enquiries, feedback or complaints

  • To maintain the safety and security of our premises (for example, where CCTV is in operation)

  • To improve our website, services and customer experience

  • To comply with our legal, accounting and regulatory obligations

4. Our legal basis for processing

Under UK GDPR, we rely on the following legal bases to process your personal data:

  • Contract – to provide membership, booking and training services you have signed up for

  • Consent – for marketing communications, our newsletter, and any health or fitness information you choose to share with us

  • Legitimate interests – to run and improve our business, maintain site security, and communicate with members about their accounts, where this does not override your rights

  • Legal obligation – to meet our obligations under tax, accounting and other applicable law

Special category data: Information about your health (for example, injuries, medical conditions or fitness limitations) is "special category data" under UK GDPR. We only collect and use this information with your explicit consent, and solely to plan your training safely and appropriately. You can withdraw this consent at any time by contacting us, although this may affect our ability to provide certain services.

5. Sharing your information

We do not sell your personal information. We may share your information with:

  • Our booking, membership and payment platform provider, which processes bookings, memberships and payments on our behalf

  • Payment processors, to securely process card and other payments

  • Coaches, trainers and staff at Thrive at the Farm, where necessary to deliver your sessions safely

  • Email marketing and newsletter service providers

  • Website hosting and analytics providers (our website is built on Squarespace)

  • Professional advisers, such as accountants or insurers, where necessary

  • Regulatory or law enforcement bodies, where we are legally required to do so

We require any third party who processes personal data on our behalf to keep it secure and to use it only for the purposes we specify.

6. Payments and booking platform

Memberships, passes and class bookings are managed through a third-party booking and payment platform. When you book a class, buy a membership or pass, your booking, attendance and payment information is processed by that platform in accordance with its own privacy policy, as well as this one. We recommend reviewing the privacy policy of our booking platform provider, which is linked from our booking page, for further detail on how payment information is handled.

7. Cookies and tracking technologies

Our website uses cookies and similar technologies, including the Meta (Facebook) Pixel, to:

  • Help our website function properly

  • Understand how visitors use our website

  • Measure and improve the performance of our social media advertising

You can control or delete cookies through your browser settings. Please note that disabling certain cookies may affect how our website functions.

8. International transfers

Where any of our service providers store or process data outside the UK or European Economic Area, we take steps to ensure your information is protected to a standard equivalent to UK data protection law, for example through standard contractual clauses or by using providers certified under approved transfer mechanisms.

9. How long we keep your information

We retain personal information only for as long as necessary for the purposes set out in this policy, including to satisfy any legal, accounting or reporting requirements. As a general guide:

  • Membership and booking records are retained for the duration of your membership and for a reasonable period afterwards, to deal with any queries and meet legal obligations

  • Financial records are retained in line with statutory accounting and tax requirements (typically six years)

  • Marketing and newsletter data is retained until you unsubscribe or withdraw consent

  • Health and fitness information is retained only for as long as needed to support your training safely, or as you direct us

10. Keeping your information secure

We use appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse or alteration, including secure storage of records, restricted staff access, and use of reputable third-party platforms for payments and bookings. While we take security seriously, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights

Under UK GDPR, you have the right to:

  • Access the personal information we hold about you

  • Correct inaccurate or incomplete information

  • Request deletion of your information, in certain circumstances

  • Restrict or object to our processing of your information

  • Request that your information be transferred to you or another provider (data portability)

  • Withdraw consent at any time, where we rely on consent to process your data

  • Lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator

To exercise any of these rights, please contact us using the details in Section 12. You can find out more about your rights and how to make a complaint at ico.org.uk.

12. How to contact us

If you have any questions about this privacy policy or how we handle your personal information, please contact us:

13. Changes to this policy

We may update this privacy policy from time to time, for example to reflect changes in our services or legal requirements. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.