Privacy Policy

1.  Who We Are

This website is operated by MOBrown Limited, a company registered in England & Wales, trading as Transition Training.

MOBrown Limited is the data controller responsible for your personal data. This means we determine the purposes and means of processing personal data collected through this website.

2.  Purpose of This Privacy Policy

This privacy policy aims to give you clear information on how MOBrown Limited collects and processes your personal data through your use of this website, including any data you provide when you:

  • Browse or interact with our website
  • Purchase a coaching programme, Learn to Lift course, or workshop ticket
  • Complete our lifting assessment quiz
  • Contact us directly by email or phone
  • Subscribe to any communications from us

This website is intended for adults aged 18 and over. We do not knowingly collect data relating to children under the age of 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe we hold data relating to a child, please contact us at support@transition.training.

3.  What Personal Data We Collect

Data you provide to us directly

  • Identity data: your full name
  • Contact data: email address and phone number
  • Health and training data: information about your training history, physical capabilities, goals, or health conditions that you share with us as part of coaching or onboarding
  • Financial data: payment card details — processed exclusively by Stripe; we do not store card details on our own servers
  • Communications data: the content of messages you send us by email, via the website contact form, or through any other channel

Data we collect automatically

When you visit our website, we may automatically collect the following technical data:

  • Your IP address and approximate location derived from it
  • Browser type and version
  • Operating system
  • Pages visited, time spent on pages, and referral source
  • Device type and screen resolution

This technical data is collected through cookies and third-party analytics tools. Please see Section 7 (Cookies) and Section 8 (Third Parties) for full details.

Data from comments (if applicable)

If you leave a comment on our website, we collect the data shown in the comment form — your name, email address, and any website URL you provide — along with your IP address and browser user agent string. This information is used to help detect spam. An anonymised string derived from your email address may be shared with the Gravatar service to check whether you use it; Gravatar’s privacy policy is available at automattic.com/privacy.

Data from media uploads

If you upload images to this website, avoid those with embedded location data (EXIF GPS). Visitors to the website may be able to download and extract any location data from images you upload.

4.  How We Use Your Personal Data

We will only use your personal data when the law allows us to. The table below sets out the purposes for which we process your data and the legal basis we rely on.

To deliver our services

  • Purpose: Process your purchase and deliver the coaching programme, course, or workshop you have bought
  • Legal basis: Performance of a contract with you

To manage our relationship with you

  • Purpose: Communicate with you about your programme, respond to your enquiries, send service updates, and notify you of changes to our terms or this policy
  • Legal basis: Performance of a contract; legitimate interests (maintaining our business relationship)

To process payments

  • Purpose: Facilitate secure payment via Stripe and manage any payment disputes or refund requests
  • Legal basis: Performance of a contract; legal obligation

To improve our website and services

  • Purpose: Analyse how visitors use our website, diagnose technical problems, and improve the design and content of our services
  • Legal basis: Legitimate interests (developing and improving our business)

For marketing communications

  • Purpose: Send you information about our services, offers, or content that may be relevant to you, where you have not opted out
  • Legal basis: Legitimate interests (where you are an existing customer); consent (where required)

To comply with legal obligations

  • Purpose: Retain financial and business records as required by law, respond to regulatory requests, and prevent fraud
  • Legal basis: Legal obligation; legitimate interests (protecting our business)

We will not use your personal data for any purpose that is incompatible with the purpose for which it was collected without notifying you and, where required, obtaining your consent.

5.  Marketing

Communications from us

We may contact you with information about our services if you have purchased from us or made an enquiry, and you have not opted out of marketing communications. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at support@transition.training.

Third-party marketing

We will not share your personal data with third parties for their own marketing purposes without your express opt-in consent.

Opting out

You can ask us to stop sending you marketing communications at any time. Opting out of marketing does not affect data we process for other purposes, such as to fulfil your service contract or meet legal obligations.

6.  Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties only where necessary to deliver our services or comply with our legal obligations:

  • Stripe Inc — payment processing. Stripe acts as an independent data controller for payment data. Their privacy policy is available at stripe.com/gb/privacy
  • Google LLC — website analytics via Google Analytics. Data shared is anonymised and aggregated. Google’s privacy policy is available at policies.google.com/privacy
  • Meta Platforms Ireland Ltd — advertising measurement via Meta Pixel. Their data policy is available at facebook.com/privacy/policy
  • Hostinger — website hosting. Your data is stored on servers operated by Hostinger in accordance with their data processing agreement
  • Legal and regulatory authorities — where we are required by law to disclose data, for example to prevent fraud, protect safety, or comply with a court order

All third-party processors are contractually required to process your data only on our instructions and in compliance with applicable UK data protection law.

7.  Cookies

Our website uses cookies — small text files placed on your device when you visit. We use the following categories of cookies:

Strictly necessary cookies

Required for the website to function. These cannot be disabled.

  • WordPress session cookies — maintain your session and remember display preferences. Login cookies last up to two days; screen options cookies last up to one year. If you select “Remember Me”, your login persists for two weeks
  • Comment cookies — if you leave a comment, we may save your name, email, and website in cookies for one year so you do not have to re-enter them on your next visit
  • Stripe cookies — required to process payments securely

Analytics cookies

  • Google Analytics — tracks page views, session behaviour, and traffic sources to help us improve the website. Data is anonymised. Opt out at: tools.google.com/dlpage/gaoptout

Marketing cookies

  • Meta Pixel — measures advertising effectiveness and enables retargeted ads on Facebook and Instagram. Manage preferences at: facebook.com/settings/ads

Embedded content

Pages on this website may include embedded content from third-party services such as YouTube or Vimeo. Embedded content behaves as if you had visited that third-party website directly. Those services may collect data about you, use their own cookies, and monitor your interaction with the embedded content.

Managing cookies

You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may affect website functionality. Guidance for common browsers:

  • Chrome: support.google.com/chrome/answer/95647
  • Safari: support.apple.com/guide/safari/manage-cookies
  • Firefox: support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
  • Edge: support.microsoft.com/microsoft-edge/delete-cookies

You can also manage interest-based advertising preferences at youronlinechoices.com.

8.  How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

  • Customer and contract records — 6 years from the end of the contract, in line with our obligations under the Limitation Act 1980 and financial record-keeping requirements
  • Health and training data — for the duration of your programme and up to 2 years thereafter, unless you request deletion
  • Financial transaction records — 6 years, as required by HMRC
  • Marketing preferences and communications — until you unsubscribe or request deletion
  • Website analytics data — retained by Google Analytics per their standard retention settings (up to 26 months)
  • Comment data — retained indefinitely to support spam detection and moderation, unless you request deletion

Following the expiry of the applicable retention period, we will securely delete or anonymise your personal data.

9.  Security of Your Data

We take the security of your personal data seriously and use commercially reasonable technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Secure HTTPS encryption across our website
  • Payment processing exclusively through Stripe, which is PCI DSS compliant
  • Restricting access to personal data to authorised personnel only

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for keeping any account credentials confidential.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where required, notify you directly.

10.  Your Rights Under UK GDPR

As a UK resident, you have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you (a Subject Access Request)
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your personal data where we no longer have a lawful basis to hold it
  • Right to restrict processing — you can ask us to pause processing of your data in certain circumstances
  • Right to data portability — you can request a copy of data you have provided to us in a structured, machine-readable format
  • Right to object — you can object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at support@transition.training. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113

We would appreciate the opportunity to resolve any concerns directly before you contact the ICO, so please contact us in the first instance.

11.  Data Transfers Outside the UK

Some of our third-party service providers are based outside the UK. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent adequacy decisions. The key transfers are:

  • Stripe Inc (USA) — transfers covered by Stripe’s standard contractual clauses and UK adequacy framework
  • Google LLC (USA) — transfers covered by Google’s data processing addendum
  • Meta Platforms Ireland Ltd (Ireland/USA) — transfers subject to Meta’s standard contractual clauses

You can request further information about the specific safeguards applied to any international transfer by contacting us at support@transition.training.

12.  Third-Party Websites

Our website may contain links to third-party websites. Clicking on those links may allow third parties to collect data about you. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.

13.  Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the “Last updated” date at the top of this page. Where appropriate, we may also notify you by email.

Your continued use of our website following any update constitutes your acknowledgement of the revised policy.

14.  Contact Us

If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact us:

  • Email: support@transition.training
  • Legal entity: MOBrown Limited, trading as Transition Training, registered in England & Wales

We aim to respond to all data-related enquiries within 30 days.