Privacy Policy (GDPR Compliant)

Last updated: 24/11/2025

This Privacy Policy explains how Engine Room Fit (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website, purchase digital products, or use our training plan generator (“Services”).

We comply with:

  • UK GDPR
  • EU GDPR
  • Data Protection Act 2018
  • Applicable international data protection standards

By using our website or Services, you agree to the practices described below.


1. Data Controller

Engine Room Fit
Email: contact@engineroomfit.com
Registered in: United Kingdom


2. Data We Collect

We collect only the data required to provide Services, process payments, comply with law, and protect our systems.

2.1 Data You Provide Directly

Checkout Information

When you make a purchase, you may provide:

  • Full name
  • Email address
  • Billing address
  • Payment method type
  • Order details
  • IP address (for fraud prevention)

We do not store full card numbers or sensitive payment information.
All payments are handled securely by third-party payment processors.

Information Used for Training Plan Generation

To create a personalised training plan, you may submit:

  • Training goals
  • Experience level
  • Schedule
  • Equipment available
  • Age range
  • Limitations or preferences

This information is used strictly to produce your plan.

Support and Communication

When contacting us, you may provide:

  • Email address
  • Order information
  • The content of your message
  • Attachments (optional)

2.2 Automatically Collected Data

When accessing our site, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Cookies
  • Pages viewed
  • Time spent on pages
  • Referring URLs
  • Error logs
  • General analytics data

This helps maintain site performance, usability, and security.


2.3 Data From Third Parties

We may receive information from:

  • Stripe (payment confirmation, fraud signals, metadata)
  • Email delivery providers
  • Hosting and security services
  • Analytics platforms

All third parties are required to comply with GDPR standards.


3. How We Use Your Data

Your data is used for:

  • Delivering digital products
  • Generating personalised plans
  • Processing and confirming payments
  • Sending order receipts and downloads
  • Providing customer support
  • Fraud detection
  • Site security and performance
  • Analytics and service improvement
  • Legal and tax compliance

We do not sell or rent personal data.


4. Lawful Bases for Processing (GDPR)

Contractual Necessity

To:

  • Deliver your purchase
  • Process payments
  • Email your files or plan

Legitimate Interests

To:

  • Prevent fraud
  • Maintain security
  • Improve site usability
  • Analyse performance

Consent

Used for:

  • Marketing emails (only if you opt in)
  • Non-essential cookies

Legal Obligation

Used for:

  • Transaction record keeping
  • Tax and accounting requirements

5. Payment Processing

Payments are handled by:

  • Stripe
  • Apple Pay
  • Google Pay

These services may process:

  • Card details
  • Billing address
  • Device information
  • Authentication data
  • Fraud detection signals

We do not store or access full card details.
Stripe is PCI-DSS Level 1 certified.


6. Cookies and Tracking

We use cookies for:

Essential

  • Checkout functionality
  • Security
  • Fraud prevention

Performance

  • Site speed
  • Error tracking

Analytics

  • Visitor behaviour
  • Page performance

Marketing (if implemented)

  • Retargeting
  • Measuring advertising results

You can disable non-essential cookies via browser settings or a cookie banner, where applicable.


7. Data Retention

We keep personal data only as long as necessary:

  • Order and transaction records: 6 years (legal requirement)
  • Support messages: Up to 2 years
  • Analytics: Typically anonymised after 26 months
  • Training inputs: Retained only as needed to provide or improve services

You may request deletion at any time (see Section 10).


8. Data Sharing

We share data only with essential service providers, including:

  • Payment processors
  • Hosting providers
  • Email delivery services
  • Analytics and security providers
  • Backup systems

These providers are contractually bound to GDPR compliance and cannot use your data for their own purposes.

We never sell your data.


9. International Transfers

Your data may be processed outside your country.
Where transfers occur, we use GDPR-approved safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Secure encryption
  • Compliant data storage measures

10. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to certain processing
  • Request data portability
  • Withdraw consent (for marketing and non-essential cookies)

To exercise these rights, contact:
contact@engineroomfit.com

We respond within 30 days.


11. Children’s Privacy

Our Services are not intended for individuals under 18 years old.
We do not intentionally collect data from minors.
If a minor’s data is discovered, it will be deleted promptly.


12. Security Measures

We use industry-standard security measures, including:

  • SSL encryption
  • Secure hosting infrastructure
  • Malware protection
  • Firewalls
  • Access controls
  • Encrypted backups

No online system can guarantee absolute security, but we take reasonable steps to protect your data.


13. External Links

Our website may contain links to external sites.
We are not responsible for their privacy practices.
Always review the policies of external websites before sharing information.


14. Changes to This Policy

We may update this Privacy Policy as needed.
Revisions become effective immediately when posted on this page.
Continued use of our website or Services after updates means you accept the revised terms.


15. Contact Information

For questions, concerns, or GDPR requests, contact:

Engine Room Fit
Email: contact@engineroomfit.com