privacy policy

Privacy Policy of Stovio Skills Limited, trading as StreetSmart Krav Maga

Effective date: 1st June 2025

Last updated: 1st June 2025

This Privacy Policy governs how Stovio Skills Limited (Company No.  15784752) trading as StreetSmart Krav Maga, based at Orchard Grove, Knockholt Road, Halstead, Sevenoaks TN14 7EU, UK, collects, uses, shares, protects and retains your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are & how to contact us

Controller: Stovio Skills Limited

Address: Orchard Grove, Knockholt Rd, Halstead, Sevenoaks TN14 7EU, UK

Email: ben@streetsmartkravmaga.co.uk

Phone: 07460265847

We are registered with the Information Commissioner’s Office (ICO) under the UK GDPR.

2. Personal data we collect

We collect the following categories of personal data:

A. Mandatory data (for memberships & bookings)

  • Identity: full name, date of birth or age, address, contact details (email, telephone)

  • Booking/membership records: class attendance, short‑term membership status, payments (not credit‑card details; see Section 4)

  • Health & medical data: disclosed in health questionnaires (existing injuries, medical conditions); this is special category (health) data

B. Optional / marketing data

  • Newsletter subscriptions (email, name, preferences)

  • Usage data: IP address, device & browser type, cookies, interactions with our marketing emails and website

C. Social media identifiers

  • Where you voluntarily interact with posts (e.g. comments, messaging), your username or Facebook/Instagram profile name may be processed for comment moderation or subscription linking.

3. Why we process your data — lawful bases

All processing is lawful, fair and transparent.

a. For membership & service provision (Article 6(1)(b) – contract)

Necessary to manage and deliver classes, respond to your booking, refunds, emergencies, membership obligations.

b. For health-related processing (special category data – Article 9(2)(h); Schedule 1(1) DPA 2018)

We process health data solely to assess fitness to train, mitigate injury risks, and tailor support or adjustments.

c. For marketing communications / newsletters (Article 6(1)(a) – consent or 6(1)(f) – legitimate interest)

We send email newsletters only (no SMS). We rely on consent to send marketing emails, and allow easy unsubscribe. We may also rely on legitimate interest to promote events to existing clients.

d. For analytics and website improvement (Article 6(1)(f) – legitimate interest)

Processing aggregated anonymous web data helps improve visitor experience—consistent with ICO guidance  .

4. Payments and security

  • Payment details are collected via certified and encrypted online gateways (e.g. Stripe or PayPal). We do not store your full credit/debit card numbers—we only store masked references and verification that the transaction is complete.

  • Security: data stored in secured UK/EEA servers with access limited to staff only; SSL/TLS used for data in transit; sensitive health data access restricted to instructors or welfare officers.

5. Who we share your data with

Your personal data will be shared only as necessary and always with contractual confidentiality obligations:

  • Approved third-party service providers, such as online booking platforms, payment processors, email‑marketing software and class management systems.

  • In case of emergency or legal requirement, data may be disclosed to paramedics or law enforcement (e.g. injury incidents, safeguarding issues), but only the minimum required.

  • We will never sell or lease your data for marketing from third parties. We may share non-identifiable aggregated data for statistical purposes.

No international data transfers are performed: all processing is done within the UK or EEA.

6. Cookies & website tracking

We use the following cookie types:

  • Strictly necessary cookies: to support full function of booking forms and login systems.

  • Analytics cookies: to understand visitor behaviour, traffic flows, page performance.

Consent is obtained before any non-essential cookies are dropped on your device, in line with ICO requirements  .

If you disable cookies, it may affect website features such as booking, membership renewal reminders, or consent prompts.

7. How long we retain your data

We retain personal data according to these guidelines (aligned with ICO retention policy principles)  :

  • Membership records, payments & attendance: retained for the duration of active membership plus 6 years (Limitation Act 1980).

  • Health questionnaire & medical information: kept for 6 years after your last class attendance.

  • Newsletter opt‑in details & email preferences: retained until you unsubscribe, plus 2 years for audit trail.

  • Website logs & analytics: anonymised or deleted within 26 months.

We review documents at their retention cut‑off and either securely delete or anonymise them.

8. Your privacy rights

You have the right to:

  1. Request access to the personal data we hold about you (Subject Access Request).

  2. Request correction or rectification of any inaccurate or incomplete data.

  3. Request erasure (if there’s no continuing lawful basis), restriction of processing, or object to processing (for marketing or legitimate interest reasons).

  4. Request data portability of information you provided, if processing is based on consent or contract and carried out electronically.

  5. Withdraw consent at any time (e.g. for marketing emails).

  6. Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

Note: for some data, particularly health data, certain conditional exemptions (e.g. serious harm test or expectations test) might apply under the Data Protection Act 2018. We will inform you if such an exemption is applied.

To exercise these rights, you may email ben@streetsmartkravmaga.co.uk, or send a written request to our address.

9. Automated decisions & profiling

We do not use automated decision‑making or profiling that has legal or similarly significant effects on you—such as automatic denial of service. Some semi‑automated analytics tools (e.g. email open rate measurement) may be used, but you may opt-out by unsubscribing.

10. Children & parental consent

Where a child (under 18) is due to participate, we collect health and contact data only with explicit parental/guardian consent. Parents/carers are responsible for ensuring accuracy and may request erasure/changes as above.

11. Changes to this policy

We may update this policy as necessary. Notifications will be given via email and posted on our website. You acknowledge and accept the revised policy when you continue to use our services after the effective date.

12. Useful contacts

Data Protection Officer (DPO)

Stovio Skills Limited

c/o Address above

ben@streetsmartkravmaga.co.uk

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane,

Wilmslow SK9 5AF

https://ico.org.uk