Privacy Policy

Last updated: 22 May 2025

At Mettle & Grace, your privacy matters. This policy explains how I collect, use, and protect your personal information when you interact with the business — whether through the website, contact form, email, or other services.

1. Who I am

Mettle & Grace is a sole trader business offering personal training and Pilates services for women in and around Kenilworth, Warwickshire.

You can contact me at:

Email: office@mettleandgrace.

I am the point of contact for all data protection matters.

2. What information I collect and why

Name, email address, phone number. - To respond to enquiries or arrange bookings (Consent / Contract)

Enquiry message - To understand your needs and respond appropriately (Consent)

Email address (for mailing list) - To send updates and newsletters, if you opt in (Consent)

Website usage data (cookies) - To analyse site traffic and improve user experience (Legitimate interest)

Important: Please do not include any sensitive medical or health information in the contact form. If you share sensitive health information during consultations, this data will be handled with strict confidentiality and only used to tailor your training plan.

3. Testimonials and Photos

From time to time, I may ask for your written permission to share a testimonial or a photo in which you appear. These may be used to promote Mettle & Grace — for example, on the website, social media, or marketing materials.

4. How your data is stored

Your personal data is stored securely using the following services:

Squarespace — for website hosting and form submissions
Google Workspace — for email and document storage, protected by password, multi-factor authentication and encryption
A trusted third party secure form provider (Jotform) if you fill in forms
A trusted email marketing provider (Mailchimp), if you subscribe to my email list

All providers are GDPR-compliant and follow strong data protection standards.

In the course of running the business, a trusted assistant (my husband) may also have access to limited personal information — for example, to help manage scheduling or respond to enquiries. This access is strictly limited and handled with the same level of confidentiality and care.

I take appropriate technical and organisational measures to protect your data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

5. Who has access to your data

Only I (Vix) and, where needed, my trusted assistant (my husband) have access to your personal information. I never sell or share your data with third parties for marketing purposes.

Your data may be processed by trusted service providers solely to help me deliver my services to you. When you complete intake or consultation forms, your data is securely collected viaJotform, a trusted platform that employs industry-standard encryption to safeguard sensitive health and personal information. For email communications, including newsletters and service updates, we useMailchimp, a secure marketing platform that adheres to industry standards for data protection.6. Your rights under GDPR

You have the right to:

Request access to the personal data I hold about you
Ask for incorrect data to be corrected
Request deletion of your data (unless needed for legal reasons)
Withdraw consent for marketing communications at any time
Request the transfer of your data to another provider (data portability)
Object to processing based on legitimate interests

If you wish to exercise any of these rights or have questions about your data, please contact me at: office@mettleandgrace.love

7. How Long I Keep Your Data

Enquiries via contact form - Up to 12 months

Client communications and session records - As required by insurance and professional obligations (typically 7 years)

Email list data - Until you unsubscribe or request deletion

8. Email Marketing (If You Subscribe)

If you choose to join my email list (e.g. through the website), your name and email address will be stored securely by a trusted third-party email marketing provider. This service is GDPR-compliant and only used to send you updates, newsletters, or relevant announcements.

You can unsubscribe at any time via the link in any email or by contacting me directly.

9. Cookies and Website Analytics

The website uses basic analytics tools built into Squarespace to understand how visitors use the site. These may use cookies (small text files stored on your device). You can manage or block cookies through your browser settings.

10. Children’s Data

My services are intended for adults aged 18 and over. I do not knowingly collect or process personal data from children under 18.

11. Complaints

If you have any concerns about how I handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at https://ico.org.uk/ or by phone at 0303 123 1113.

But please speak to me first if you can.

12. Changes to This Policy

I may update this policy from time to time. The latest version will always be available on this page.