PRIVACY POLICY

Please read the whole of this statement carefully as it sets out our approach to processing personal data including what information we may collect from you, how we may use it, store it and protect it, and your rights as a data subject.

 

 

Introduction

The Movement Blueprint Ltd (Company No. 12330992), registered in England and Wales, with a registered address at Alpha 6 Masterlord Office Village, West Road, Ipswich, Suffolk, United Kingdom, IP3 9SX (“we”, “our”, “us”), is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data when you purchase any product or service from us and use any of our “Service Platforms” (the MBP Training App and the Coaches Education Hub), which are designed for users aged 16 and over. We manage personal information in accordance with data protection legislation including the Data Protection Act 2018.

 

Contact Details

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
Email: [email protected]

We aim to respond to all requests promptly and within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): Contact us | ICO


Changes to the Privacy Policy and Your Duty to Inform Us of Changes

This Privacy Policy was last updated on 24th June 2025 and is reviewed every six months or upon changes to relevant data protection legislation. We reserve the right to update this Privacy Policy and will notify you of any material changes. Please review this policy periodically to stay informed about how we are using and protecting your data. It’s important that the personal data we hold about you is accurate and current; please keep us informed of any changes.

 

Third-Party Links and Sites

Our website, emails, and Service Platforms may contain links to third-party websites. We do not control these websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.


The Data We Collect About You

In accordance with Data Protection Legislation we only collect and process information we require. This includes, but is not limited to:

Identity and Contact Data: Full name, email address, address, date of birth, gender, occupation, lifestyle, personal development goals and targets.

Technical Data: IP address, login data, browser type and version, time zone setting, GPS location, device information, browser plug-in types and versions, operating system, and platform.

Usage Data: Information about how you use our Service Platforms, including URL clickstreams, products viewed or searched for, page response times, download errors, length of visits, page interaction information, and methods used to browse away from the page.

Financial Data: Payment details are processed by our third-party payment provider, Stripe. We do not store full card numbers; only the last four digits, card type, and billing address are retained for reference.

Special Category Data: Occasionally, we may collect health-related or medical information necessary for delivering specific services or products. Such data will only be collected with your explicit consent and handled in accordance with ICO guidelines. As per our Data Processing Principles we will only ask for information that is necessary to deliver our services, and therefore we encourage you not to provide us with personal data or special category data which we do not ask for.


How We Collect & Use Your Personal Data

We collect your data:

Directly from you when you register on one of our Service Platforms or subscribe to our mailing list.

Automatically as you navigate through our website or one of our Service Platforms (technical and usage data).

From third parties, such as social media platforms, when you choose to connect your accounts.

Most personal information is provided directly and voluntarily by you when you engage with us in order to enquire about, or purchase, our services or products.

We use your data to:

Process transactions and deliver purchased products or services.

Provide and manage your access to our Service platforms, products and services.

Create a profile for you on our client database.

Deliver agreed commercial or partnership services.

Communicate with you, including sending newsletters and responding to inquiries.

Personalise your experience and deliver relevant content and advertisements.

Conduct surveys or quizzes to improve our services.

Notify you about changes to our services or products.

Comply with legal obligations and enforce our terms and conditions.

We may also collect personal information about you from third party sources, such as when you choose to connect your social media accounts with our site or log in through a social media platform such as Facebook or Instagram. However, we will only use this information where these third parties either have your consent or are otherwise legally permitted or required to share your personal information with us. We will not use your data for purposes other than those stated in this policy without your consent.

 

Purposes for Which We Use Your Personal Data

We process your personal data for the following purposes:

Email Address: To identify users, in relation to third party services, and to facilitate communication.

Contact Data: To improve App usage, personalise content, and, with your consent, for marketing purposes.

Date of Birth: To verify age eligibility and tailor product offerings.

Gender: (Optional) To personalise product recommendations.

Technical and Usage Data: To analyse App performance, usage, and user engagement.

Legal and Regulatory Compliance: To meet our legal obligations.

 

Disclosures of Your Personal Data

We share your data with the following third parties:

Third Party Purpose
FITR Holdings Ltd To provide software for programme management and client data storage.
Google Analytics To track anonymous App usage data.
Stripe To process payments securely.
Social Media Platforms (Facebook, Instagram, Twitter, LinkedIn)           For social sharing and, with consent, targeted advertising.
Cloudflare To enhance DNS management and security.
AWS For data hosting and infrastructure services.
PagerDuty To manage incident response notifications.
Firebase To enhance App analytics and user engagement.
Zapier To facilitate App integrations and automate tasks.

 

We ensure that all third-party service providers respect the security of your personal data and comply with UK data protection laws.


International Transfers

Some of our third-party service providers are based outside the UK/EEA. We ensure that your data is protected by requiring all such providers to follow data protection standards equivalent to those in the UK, such as adherence to the UK Extension to the EU-U.S. Data Privacy Framework.

 

Data Security

We implement appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

These measures include:

Secure Socket Layer (SSL) encryption.

Firewalls and intrusion detection systems.

Regular security assessments, updates, and access controls.

 

Data Retention: How We Store & Transfer Your Information

We have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of personal data we control. Your information is securely stored on our company cloud storage database which is not publicly accessible or stored in any public domain – it is accessible to our employees and affiliates only, and is password protected. Your information may also be stored on our third-party email marketing platform Klaviyo. Our third-party provider has their own privacy policy which you can view on their website.

We may store or process your data on cloud-based platforms or service providers whose servers are based outside of the UK/EEA which may constitute a transfer of data under GDPR. We will only use such third party service providers where we are confident that appropriate safeguards are in place to ensure that any personal data transferred outside of the UK/EEA is subject to an equivalent level of security and protection as required under UK Data Protection Legislation, such as the UK Extension to the EU-U.S. Data Privacy Framework. 

We will not give consent to third party service providers or platforms to use your information, for purposes other than those for which the information was collected and which are necessary for the delivery of our products and services. We will not give consent for your information to be used by third party service providers for the training and development of AI modelling software, or similar purposes.

We also have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation. Any such breaches will be reported to the relevant supervisory authority and notified to the affected data subjects where we are legally required to do so.

We will only keep your personal data for as long as is necessary to meet the requirements for which it was collected. After this period of time we will delete your personal data unless there is a legitimate business reason to retain all or parts of the data we hold.

 

Your Legal Rights

You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the end of this statement. 

 

Under the UK GDPR, you have the following rights:

Access: Request access to your personal data.

Correction: Request correction of inaccurate or incomplete data.

Erasure: Request deletion of your personal data. Please note that there may be circumstances where you ask us to erase your personal data but we must retain it.

Restriction: Request restriction of processing your personal data. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we must refuse that request.

Portability: Request transfer of your personal data to another party.

Objection: Object to processing of your personal data.

Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so. When we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated to you.

Lodge a Complaint: Lodge a complaint with the ICO if you believe we have not complied with data protection laws.

To exercise any of these rights, please contact us at [email protected].

 

Legal Basis for Processing Your Data

The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:

Consent: Where you have given clear consent.

Contract: Where processing is necessary for a contract with you.

Legal Obligation: Where processing is necessary for compliance with the law.

Legitimate Interests: Where processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests.

 

Data Processing Principles

We take protecting online privacy and data security seriously, and adhere to the following data protection principles:

Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.

Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.

Data Minimisation: We will only collect data for specific and specified purposes.

Accuracy: We keep personal data accurate and up to date.

Storage Limitation: We retain personal data only as long as necessary.

Integrity and Confidentiality: We process personal data securely, and will not use your data for purposes other than those for which it was collected, accepted as stated within our policy, or with your prior consent.

All personal data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained.

 

Marketing Emails

With your consent, we may send you marketing communications.

You can opt out at any time by:

Clicking the unsubscribe link in our emails. It may take 24 hours for this to become effective. 

Contacting us at [email protected].

Please note that opting out of marketing emails does not affect the processing of personal data for other purposes, such as providing services you have requested.

 

If you have any questions or require further information, please contact us at [email protected].

 

Our Privacy Statement outlines our approach to any kind of data processing where we are acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith).. This statement applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.