Privacy Policy

Last updated: 22 May 2026

1. Who We Are

Mettle Fitness is a women's personal training and coaching service based in Solihull, Birmingham, UK. We specialise in menopause-informed strength training for women aged 40–65.

Data Controller: Paola Roura, trading as Mettle Fitness
Contact: info@mettlefit.co.uk
Website: www.mettlefit.co.uk

2. What Personal Data We Collect

We collect the following categories of personal data:

Contact and Identity Data

  • First and last name
  • Email address
  • Age range
  • Programme interest and fitness goals
  • Any information you voluntarily provide via our contact form or direct communication

Health and Medical Data (Special Category Data)

Where you complete a Physical Activity Readiness Questionnaire (PAR-Q) or share health information as part of your programme onboarding, we collect:

  • Medical history relevant to exercise participation
  • Menopause and perimenopause status and symptoms
  • Any injuries, conditions, or medications you disclose

This data falls under Special Category Data under UK GDPR Article 9. We collect it only with your explicit consent and solely for the purpose of delivering safe, appropriate training to you.

Payment Data

Payment transactions are processed securely by third-party providers (such as Stripe). We do not store your full card details. We may retain records of transactions for accounting and legal compliance purposes.

Technical and Usage Data

  • IP address and browser type (via Google Analytics)
  • Pages visited, time on site, and referral source
  • Session recordings and heatmaps (via Microsoft Clarity)

This data is collected only with your cookie consent.

3. Why We Collect Your Data (Legal Basis)

PurposeLegal Basis
Respond to your consultation enquiryLegitimate interests
Deliver your training programmeContract performance
Health screening (PAR-Q)Explicit consent
Process paymentsContract performance
Send programme updates or newslettersConsent
Improve our website via analyticsConsent (cookie)
Legal and accounting obligationsLegal obligation

4. How Long We Keep Your Data

  • Enquiry / contact data: 12 months from last contact if no programme begins
  • Client records (including health data): 7 years from end of programme (in line with HMRC and insurance requirements)
  • Payment records: 7 years (legal obligation)
  • Analytics data: As per Google Analytics and Microsoft Clarity retention settings (typically 14–26 months)
  • Marketing consent: Until you withdraw consent

5. Who We Share Your Data With

We do not sell your data. We may share it with:

  • Stripe — payment processing
  • Zoho CRM — client relationship management
  • Resend — transactional email delivery
  • Google Analytics — website analytics (with cookie consent)
  • Microsoft Clarity — session recordings and heatmaps (with cookie consent)
  • Vercel — website hosting
  • Our accountant or legal advisors — where required by law

All third-party processors are contractually required to handle your data in compliance with UK GDPR.

6. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention obligations)
  • Restriction — ask us to limit how we use your data
  • Portability — request your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email us at info@mettlefit.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website uses HTTPS encryption. Access to client data is restricted to authorised personnel only.

8. Transfers Outside the UK

Some of our third-party providers (such as Google and Microsoft) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.

9. Changes to This Policy

We may update this policy from time to time. The current version will always be available at www.mettlefit.co.uk/privacy-policy. For material changes, we will notify active clients by email.

10. Contact Us

For any data protection queries, please contact us at:
Email: info@mettlefit.co.uk
Address: Solihull, Birmingham, UK