Privacy Notice

Who we are. Sadistic Coach provides fitness coaching and related services. This notice explains how we collect, use, and share personal information and the rights available to you depending on where you live.

Contact. For any privacy questions or requests, email info@sadisticcoach.co.uk

We collect your name, contact details, age, relevant fitness information, goals, and any materials you send us. We use this to deliver coaching and manage our relationship with you (contract necessity).

If you register, attend, present, or correspond with us, we keep what’s needed to run the event, respond, and maintain records.

We collect basic technical data (e.g., IP-related request data, browser/OS, pages viewed) and use Google Analytics 4 to understand aggregate site usage. GA4 does not log or store IP addresses (EU users’ IP data is dropped before logging).

If you buy equipment or digital products from us, we collect order details and delivery info. We do not store full payment card data. We retain transaction records as required by applicable tax and accounting laws.

Where the UK GDPR/EU GDPR applies, we process on one or more of these bases: performance of a contract, legitimate interests (e.g., service improvement, security), legal obligation (e.g., tax), or consent where required.

• UK/EEA: access, rectification, erasure, restriction, portability, and objection (plus the right to complain to your data protection authority). 
• U.S.: your rights vary by state. If a state law applies to us (e.g., California’s CPRA), you may have rights to know, delete, correct, and opt-out of certain “sales”/“sharing” of personal information. We honor valid opt-out signals such as Global Privacy Control (GPC) where required.  

Note on thresholds: California’s CPRA generally applies to businesses that meet criteria like buying/selling/sharing the personal info of 100,000+ CA residents/households or other revenue-based triggers. If we fall below those thresholds, CPRA may not apply, but we will still consider reasonable opt-out requests.
 

To exercise rights, email info@sadisticcoach.co.uk

We use essential cookies and limited analytics. Some U.S. laws require businesses to treat user-enabled GPC signals as a valid opt-out of “sale”/“sharing.” Where those laws apply to us, we will honor the signal. (GPC is a browser privacy signal recognized by California regulators.) 

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13; if we learn we have, we will delete it and take appropriate steps. See the U.S. COPPA rule for more detail.

We share information with service providers (e.g., email, hosting, analytics, payment processors) under contract; with event partners when necessary to administer an event; and when required by law or to protect rights and safety.

If we transfer UK/EEA personal data to the U.S., we use lawful transfer mechanisms such as the EU-U.S. Data Privacy Framework (DPF) and, for UK data, the UK Extension (“UK-US data bridge”) where our U.S. providers are certified, or we use appropriate safeguards (e.g., standard contractual clauses). Recent EU court decisions have upheld the DPF’s adequacy decision.

We use technical and organizational measures to protect personal information. No method of transmission or storage is 100% secure, but we regularly review and improve safeguards.

We retain personal information for as long as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Transaction records are retained as required by applicable tax/accounting laws.

We may update this notice as our practices evolve. If changes are material, we will post an update on our site (and notify you if required).

• If you primarily serve U.S. clients now: This notice and any disputes relating to it are governed by the laws of Florida, USA, unless local mandatory law says otherwise.
   
• For UK/EEA clients, UK law and UK/EEA rights continue to apply alongside this notice.
   

Contact: info@sadisticcoach.co.uk