General Data Protection Regulation (GDPR) Notice

General Data Protection Regulation (GDPR)

There is new data protection legislation coming in to force in the UK on 25th May 2108. This legislation is the General Data Protection Regulation (GDPR) which replaces the old Data Protection Act. The legislation affects every business that handles personal data for clients. Personal data has been defined by the act as “ any information relating to an identifiable person who can be directly or indirectly identified”. This will include such data as name, address, gender and contact details but also may include information such as IP addresses.

The GDPR includes the following rights for individuals:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • the right not to be subject to automated decision-making including profiling

Fair Processing Notice for Physicality

The personal data we collect about you will include data relating to your name, address, gender, date of birth and wider contact details. We also collect data about your health, medical conditions and any medications. We will use your personal data for the sole purpose of providing the physical therapies of sports/soft tissue massage and/or personal training. We will only use the data for the purpose for which it was collected. We will only share or grant access to your data with a specific third party if you request us to do so.

Your data will also be used to notify you of meetings held at or by Physicality which we feel may be on interest or benefit to you or any special events or promotions for the therapy you participate in. You may opt out of receiving such communications at any time by emailing us at

Record Keeping and the GDPR

Personal data should be kept for no longer than is necessary. It is a condition of both our insurance policies and our membership of a professional body for the exercise profession, the Register of Exercise Professionals (REPS), that we take and retain client records.

The requirements are that these records should be kept for at least 7 years following the last occasion on which treatment was given. In the case of minors, it is advisable that the records should be kept for at least 7 years after they reach the age of 18 years. We will keep client records for as long as we deem necessary rather than 7 years to cover both this professional requirement and the Statute of Limitation for injury claims in the UK.

Full details of our privacy notice can be found on our website


GDPR Privacy Notice

Privacy Notice

 Physicality is the trading name for Cycle Tough Ltd trading as Physicality. We are a registered company in England number 09215811. Our registered address for trading is 160, Main Street, North Sunderland, Seahouses, Northumberland NE68 7UA.

This notice is designed to help you understand what kind of information (personal data) we collect in connection with our services and how we will process and use this information. This notice describes how we collect, use, share, retain and safeguard personal data. It also sets out your individual rights.

 What is personal data?

In the context of our business, the personal data we hold on you may include name, address, gender, wider contact details, health parameters (height, weight body mass index etc), medical information, current or past medications and clinical notes relating to soft tissue massage/treatment and/or personal training sessions.

You may provide us with personal data when completing consent forms or questionnaires, contact by telephone or email, writing to us directly or providing us with medical information.

We will not share or grant access to your data to any third party without your specific verbal or written consent unless required to do so by law.

 Why do we need your personal data?

We will use your personal data for the sole purpose of supplying you with the services you have requested, either sports massage/soft tissue therapy or personal training and for no other purpose. We also use your data for the purposes of our financial record keeping.

We have a legitimate interest in informing you of our services and may contact you about educational meetings at Physicality or promotion of our services. You may request to withdraw from such communication at any time by emailing

We will retain your data for a minimum of 10 years after the end of any contractual agreement (10 years after the age of 18 years for a minor). The retention of data is necessary for insurance and professional regulatory body compliance. We retain the right to retain your data for longer if we consider it necessary.

 Your rights

There are legal rights granted to individuals governing the use of their personal data. These rights allow individuals to understand what personal data relating to them is held, for what purpose, how it is collected and with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their data. These rights are known as Individual Rights under the Data protection Act 2018. These are:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • the right to erasure
  • the right to data portability (receive a copy of your data)

Individuals can exercise their rights at any time. In some situations we may be unable to fully meet your request, for example we may be required to retain clinical records for insurance purposes or financial records for taxation purposes.

 Protecting your data

We will take all appropriate technical and organisational steps to protect the confidentiality of your data (password protected computer in a locked building).

 Contact us

If you wish to contact us regarding any aspect of your personal data or GDPR please email