1 Introduction

United Fitness Brands and its subsidiaries are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, events, over the phone, through our mobile applications, websites and social media platforms.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.

Any reference to United Fitness Brands includes United Fitness Brands as well as its subsidiaries; Reformcore Ltd, Boom Spin Ltd, Barrecore Ltd, KOBOX Ltd and triyoga Ltd.

2 The information we collect and when

We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The type of information that we will collect on you, and you voluntarily provide to us on this [website/form/service] includes:

Your name
Telephone number(s)
Email address
Survey responses
IP address
Method of finding out about United Fitness Brands’ Companies
Preferred Studio location(s)
Purchase, class and communication history

We may, in further dealings with you, extend this information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a user of United Fitness Brands in an efficient and effective manner.

The legal basis for processing your data is based on your specific consent as well as legitimate interest that we will have stated at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.

3 How we use your information

To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
Make available our products and services to you;
Process your orders;
Take payment from you or give you a refund;
Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously;
For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use independent research and feedback providers to act on our behalf;
To power our security measures and services so you can safely access our website and mobile apps;
Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
Contact you about products and services from us;
Provide you with online advertising and promotions; and
Help answer your questions and solve any issues you have.

4 Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

If the law or a public authority says we must share the personal data;
If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.

We use the following third party data processors who are based outside the UK and the EU. We have determined the processing and transfer of this data to be adequate.

Google, California USA – We may compile statistics about the use of Our Locations using Google Analytics and Google Ads including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. Google uses cookies to serve ads across the internet to you. You can opt-out of cookie tracking for ads from Google in your Google account or by disallowing cookies on our site when you first visit. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.  View Google's Privacy Policy.

Hotjar – We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.  

Zoom – We us Zoom for all our online and live streamed classes, workshops, courses, treatments and trainings. We will send you a unique link for your required booking, which will only be shared with yourself for treatments or with other students for online and live streamed classes, workshops, courses or training. You will be required to have your own personal Zoom account to attend. Zoom ensures your data is secure at all time, for full details please visit the following: Zoom privacy policy.  

MailChimp – We use MailChimp to send communications and store your sign-up/opt-in data for all promotional emails. Your data is stored safely and securely and will not be shared with any third party directly from MailChimp. You can opt-out of these emails at any time by clicking the unsubscribe link at the bottom of every email  

5 How we keep you updated on our products and services

We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously consented to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.

If you wish to amend your marketing preferences, you can do so by logging into your account or unsubscribing from the marketing email.

6 How we keep you updated on our products and services

6.1.1 Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

6.1.2 Right to Correction Your Personal Information

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

6.1.3 Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

6.1.4 For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

7. How long we keep your information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 7 years after your last class, at which point it will be deleted.

8. Giving your reviews and sharing your thoughts

When using our websites or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

9. Security

Data security is of great importance to United Fitness Brands and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

Implementing access controls to our information technology
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
Never asking you for your passwords;
Advising you never to enter your account number or password into an email or after following a link from an email.

10. How to contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email:

Thank you for taking the time to read our Privacy Policy.

United Fitness Brands – Cookie Policy

What Are Cookies

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.

The Cookies We Set

If you create an account with us, then we will use cookies for the management of the sign-up process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.

We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

This site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.

When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, Twitter, Instagram, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

CCTV Policy

1. Overview

1.1 Some United Fitness Brands locations have in place a CCTV surveillance system, “the system” within internal and external locations. Images are monitored and recorded centrally and will be used in strict accordance with this policy. The system is owned by United Fitness Brands.

1.2 The Heads of Studio Managers have initial responsibility for the operation of the system and for ensuring compliance with this policy and the procedures documented. They may be contacted as follows:

General Data Protection Regulations: CCTV digital images, if they show a recognisable person, are personal data and are covered by the General Data Protection Regulations. This Policy is associated with the United Fitness Brands General Data Protection Policy, the provisions of which should be adhered to at all times.

2. The system

2.1 Systems in United Fitness Brands
2.1.1 - In Boom Cycle Battersea There are 5 cameras in total, 4 internal and 1 external with night zoom. No monitor screens are present, the feed can only be accessed via an app with restricted access to only two users with unique log-in credentials. Two signs are visible, one is located in the main reception area and the other on the shopfront.
2.1.2 – In KOBOX there are

2.2 Cameras will be located at strategic points on the complex. No camera will be hidden from view. A list of locations is given at Appendix 1.

2.3 Signs will be prominently placed at strategic points and at entrance and exit points of the studio to inform staff, visitors, and members of the public that a CCTV installation is in use.

2.4 Although every effort has been made to ensure maximum effectiveness of the system it is not possible to guarantee that the system will detect every incident taking place within the area of coverage.

3. Purpose of the system

3.1 The system has been installed by United Fitness Brands with the primary purpose of reducing the threat of crime generally, protecting United Fitness Brands premises and helping to ensure the safety of all United Fitness Brands staff and visitors consistent with respect for the individuals’ privacy. These purposes will be achieved by monitoring the system to:

• Deter those having criminal intent

• Assist in the prevention and detection of crime

• Facilitate the identification, apprehension and prosecution of offenders in relation to crime and public order

• Facilitate the identification of any activities/event which might warrant disciplinary proceedings being taken against staff and assist in providing evidence to managers and/or to a member of staff against whom disciplinary or other action is, or is threatened to be taken.

• In the case of staff to provide management information relating to employee compliance with contracts of employment.

The system will not be used:

• To provide recorded images for the world-wide-web.

• To record sound other than in accordance with the policy on covert recording.

• For any automated decision taking

3.2 Covert recording

3.2.1 Covert cameras may be used under the following circumstances on the written authorisation and where it has been assessed re: General Data Protection Regulations by the DPO

• That informing the individual(s) concerned that recording was taking place would seriously prejudice the objective of making the recording; and

• That there is reasonable cause to suspect that unauthorised or illegal activity is taking place or is about to take place.

3.2.2 Any such covert processing will only be carried out for a limited and reasonable period of time consistent with the objectives of making the recording and will only relate to the specific suspected unauthorised activity.

3.2.3 The decision to adopt covert recording will be fully documented and will set out how the decision to use covert recording was reached and by whom.

4. Monitoring of images

4.1 Images captured by the system will be recorded twenty-four hours a day throughout the whole year. Monitors may be present onsite. Recordings will be stored locally on a hard drive located with the site communications equipment.

4.2 No unauthorised access to recordings will be permitted at any time. Access will be strictly limited to the Studio Manager, Co-founders, police officers and any other person with statutory powers of entry. A list of those members of staff authorised to access the recordings via the app is given at Appendix 2.

4.3 Staff, guests and visitors may be granted access on a case-by-case basis and only then on written authorisation from the DPO. In an emergency and where it is not reasonably practicable to secure prior authorisation, access may be granted to persons with a legitimate reason to access the recordings.

4.4 Before allowing access to recordings, staff will satisfy themselves of the identity of any visitor and that the visitor has appropriate authorisation. All individuals will be required to complete and sign the access’ log, located in the studios GDPR folder which shall include details of their name, their department or organisation they represent, the person who granted authorisation and the times of access, this will also include any visitors granted emergency access.

5. Staff

5.1 All staff working will be made aware of the CCTV images and recordings and associated policy. The DPO/Studio Manager will ensure that all staff are fully briefed and trained in respect of the functions, operational and administrative, arising from the use of CCTV.

6. Recording

6.1 Digital recordings are made using digital video recorders operating in time lapse mode. Incidents may be recorded in real time.

6.2 Images will normally be retained for 31 days from the date of recording, and then automatically over written and the Log updated accordingly.

7. Access to images

7.1 All access to images will be recorded in an Access Log

7.2 Access to images will be restricted to those staff need to have access in accordance with the purposes of the system. A list of such staff is given at Appendix 2.

7.3 Access to images by third parties

7.3.1 Disclosure of recorded material will only be made to third parties in strict accordance with the purposes of the system and is limited to the following authorities:

• Law enforcement agencies where images recorded would assist in a criminal enquiry and/or the prevention of terrorism and disorder
• Prosecution agencies
• Relevant legal representatives
• The media where the assistance of the general public is required in the identification of a victim of crime or the identification of a perpetrator of a crime
• People whose images have been recorded and retained unless disclosure to the individual would prejudice criminal enquiries or criminal proceedings.
• Emergency services in connection with the investigation of an accident.

7.4 Access to images by a subject

CCTV digital images, if they show a recognisable person, are personal data and are covered by the General Data Protection Regulations. Anyone who believes that they have been filmed by CCTV is entitled to ask for a copy of the data, subject to exemptions contained in the Regulations. They do not have the right of instant access.

7.4.1 A person whose image has been recorded and retained and who wishes access to the data must apply in writing to the DPO. Subject Access Requests can be made via email A response will be provided promptly and in any event within 1 month of receiving the request.

7.4.2 The General Data Protection Act gives the DPO the right to refuse a request for a copy of the data particularly where such access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders.

7.4.3 If it is decided that a data subject access request is to be refused, the reasons will be fully documented and the data subject informed in writing within 1 month, stating the reasons.

8. Complaints

8.1 It is recognised that some Data Subjects may have concerns or complaints about the operation of the system. Any complaint should be addressed in the first instance to the DPO at or Boom Cycle Battersea, 1&3 Arches Lane, London, SW11 8AB.

Concerns or enquiries relating to the provisions of the General Data Protection Regulations and/or The Data Protection Act 2018 may also be addressed to the DPO. These rights do not alter the existing rights of anyone under any relevant grievance or disciplinary procedures.

9. Data breach

9.1 A “Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”

9.2 In the event that a data breach occurs, a thorough assessment of the breach will be made immediately by the Incident Response Team (IRT), comprised of the DPO.

9.3 Immediate steps will be taken to ensure that the breach is contained and the effects of the breach minimised and mitigated as much as possible.

9.4 If the data breach is deemed by the IRT to be reportable to the Information Commissioner’s Office, the ICO will be notified within 72 hours of the discovery of the breach. The ICO can be informed via their website at: or by telephone: 0303 123 1113

9.5 In the case of a serious breach, Data Subjects whose data has been affected will be notified, in writing.

10. Compliance monitoring

10.1 The contact point for staff or members of the public wishing to enquire about the system will be the DPO by pre-arranged appointment.

10.2 Upon request enquirers will be provided with:

• A summary of this statement of policy
• An access request form if required or requested
• A subject access request form if required or requested
• A copy of the United Fitness Brands complaints procedures

10.3 All documented procedures will be kept under review and a report periodically made to senior management.

10.4 The effectiveness of the system in meeting its purposes will be kept under review and reports submitted as required to senior management.

Thank you for taking the time to read our CCTV Policy.

United Fitness Brands

This Policy was last updated on the 09th of April 2022.

Appendix 1

Camera No.
External camera – exact location required e.g. outside main entrance
Main reception
Shake bar area
Corridor between studios
Bench waiting area by Room 2










Appendix 2

Contact Details

0203 034 0711 

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.

However if you are still looking for more information then you can contact us at

United Fitness Brands

This Policy was last updated on the 09th of April 2022

Download our Health Commitment Statement.

Terms and Conditions:

  • All purchases are final, and no refunds will be issued.
  • Entry to the cycle class is not permitted once the door closes, so please arrive 15 minutes before the scheduled start time.