Website Privacy Policy


    1. This Privacy Policy (the Policy) sets out how I, David Draper Fitness, (further referred to as “David Draper Fitness”, “my” or “I”), process the personal data of my website visitors and customers in the European Union (User). 

    2. If you have any questions about this Policy, please contact me on


Personal data or PII means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit/debit card number, IP address, location data, purchase history (Personal Data).

  1. PURPOSES FOR WHICH we process PERSONAL data

    1. David Draper Fitness takes the security and privacy of my customers very seriously and I will only process your Personal Data, in accordance with applicable law, for the following purposes:

      1. to provide you with information, products or services that you request from me or which I feel may interest you, where you have consented to be contacted for such purposes;

      2. to carry out my obligations arising from any contracts entered into between you and I including obtaining payments from you, if you purchase any of my services;

      3. to allow you to participate in interactive features of my service, when you choose to do so;

      4. to notify you about changes to my service;

      5. serving personalised emails to you, to tell you about new features, solicit your feedback or just to keep you up to date with what is going on with myself and my products/services.

      6. developing and improving my products and services, for example, I may collect statistics about the behaviour of visitors to my website. I use cookies to help identify and track visitors, their usage of Fitness For Boardsports website, and their website access preferences. Please see my Website T&Cs policy.

      7. to enable my third party suppliers to carry out certain functions on my behalf, including payment processing, class booking, verification, technical, logistical or other functions, as may be required to fulfil my services.

      8. ensuring the security of your account and my business, preventing or detecting fraud or abuses of my website, for example, by requesting verification information in order to reset your account password; and

      9. to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

    2. Your consent, as the Data Subject, to the processing as specified in this Policy is the primary legal ground for my processing of your Personal Data.  However, there may be circumstances where I may also rely on other valid legal grounds for the processing of your Personal Data, such as:

      1. your request for content, goods or services necessitating steps including processing of your Personal Data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract;

      2. legitimate interests pursued by David Draper Fitness as a business, except where such interests are overridden by your interests and fundamental rights.  I will rely on this legal ground in relation to the processing set out in paragraphs 3.1.8, in which I have a legitimate interest; and

      3. compliance with a legal obligation to which David Draper Fitness is subject, such as, for example, the processing for the purposes set out in paragraph 3.1.9.


    1. There are circumstances where I wish to disclose or are compelled to disclose your Personal Data to third parties.  This will only take place in accordance with the applicable law and for the purposes listed above.  These scenarios include disclosure:

      1. to our advertising partners who enable me to deliver personalised ads to your devices or similar advertising;

      2. to my subsidiaries, branches or associated offices;

      3. to my outsourced service providers or suppliers to facilitate the provision of my services or goods to my customers, for example, the disclosure to my data centre provider for the safe keeping of your Personal Data, webhosting provider through which your Personal Data may be collected, identity verification partners in order to verify your identity against public databases.

      4. to TrueCoach to manage clients. TrueCoach have their own privacy and data security policy with regard to client information. You can read this information below or on their website here.

      5. to GoCardless and PayPal to simplify client payments. A copy of their privacy and data security policies can be read on their websites here (GoCardless) and here (PayPal).

      6. to MailChimp to email clients and to keep in touch with clients with regular newsletters and new service announcements. You can unsubscribe to these emails at any time by clicking the ‘Unsubscribe’ link in the email or by contacting us directly at

      7. to third party service providers and consultants in order to protect the security or integrity of my business, including my databases and systems and for business continuity reasons;

      8. to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.  In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;

      9. to public authorities where I am required by law to do so; and

      10. to any other third party where you have provided your consent.


I may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in paragraph 3 above.  In particular, your Personal Data may be transferred throughout the David Draper Fitness group and to our outsourced service providers located abroad.  In these circumstances I will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.


    1. Your Personal Data will be retained until your last use or purchase of my services or goods and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where I have a legitimate and lawful purpose to do so.  However, I will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy.  The retention of your Personal Data will be subject to periodic review.

    2. I may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that I have a legitimate and lawful interest in doing so.


    1. Data protection law provides Data Subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data.  Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.

    2. Right to make subject access request (SAR).  Data Subjects may, where permitted by applicable law, request copies of their Personal Data.  If you would like to make a SAR, i.e. a request for copies of the Personal Data I hold about you, you may do so by emailing  The request should make clear that a SAR is being made.  You may also be required to submit a proof of your identity and a fee.

    3. Right to rectification.  You may request that I rectify any inaccurate and/or complete any incomplete Personal Data.

    4. Right to withdraw consent.  You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time.  Such withdrawal will not affect the lawfulness of processing based on your previous consent.  Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.

    5. Right to object to processing.  You may, as permitted by applicable law, request that I stop processing your Personal Data.

    6. Right to erasure.  You may request that I erase your Personal Data and I will comply, unless there is a lawful reason for not doing so.  For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that I have to comply with, or if retention is necessary for me to comply with my legal obligations.

    7. Your right to lodge a complaint with the supervisory authority.  I suggest that you contact me about any questions or if you have a complaint in relation to how I process your Personal Data.  However, you do have the right to contact the relevant supervisory authority directly.  To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.

  3. changes to our policy

    1. I reserve the right to amend or modify this policy without notice to you and if I do so I will post the changes on this page. It is your responsibility to check my policy each time before you access our website for any changes

  4. Children

Please note that this website is not intended for children under the age of 16.


Please note that any websites that may be linked to our websites are subject to their own privacy policy.