Our Privacy Policy

Last updated on 24/05/18

Who are we?

  • I’m Luke Jones, owner and creator of HERO Movement. It’s a place where I explore and share ideas related to movement, wellness and adventure. 

  • Our website address is: https://www.heromovement.net, hereinafter known as “HERO Movement”,“us”, “we”, “the Site” or “our Website”.

  • You can contact us at: luke[at]heromovement.net or using this contact form

what this privacy policy involves

  • This privacy policy sets out how we use and protect any information that you give while using the Site, and has been compiled to better serve those who are concerned with how their Personal Data is being used. Personal Data is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

  • Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personal Data in accordance with our website. We are committed to protecting your privacy and to providing you with a powerful and secure online experience.

  • We may update this privacy policy by posting a new version on this website. You should check this page occasionally to ensure you are familiar with any changes.

Our Commitment to data privacy

  • Here at HERO Movement, we strive to collect to the minimum amount of data required to deliver the best browsing experience to you and provide our services to the best of our ability. 

  • We are fully committed to maintaining the privacy of any data shared with us. Several measures are in place to ensuring any data is held as securely as possible, used only for it’s intended purpose, and is only retained for as long as is deemed necessary.

  • We aspire to comply to the fullest extent possible with applicable data protection regulations, in particular the European Union’s General Data Protection Regulation (‘GDPR’) and ePrivacy Directive, where applicable.

Overview of Personal data collection

what counts as
"personal data"

  • Obvious examples of personal data may include your name, email address, postal address – all of which we seek to gain your consent before collecting (e.g – when you sign up to our email newsletter).

  • Other less obvious forms of personal data may include the IP address of your computer, sometimes stored by cookies and web hosting services. Although this type of data does not allow us to identify your directly, we included it here to be on the safe side in complying with EU data regulations.   

Who we Share Personal Data With

Any data we work with at HERO Movement (including personal data) is accessed on a strict ‘need to know basis’ – meaning that it only accessed by parties involved in providing our services to you, and only for its intended purpose.

Third parties that may have access to your personal data include:

  • WordPress. The open-source website platform used to build HERO Movement. WordPress Privacy Policy.

  • Mailchimp. Our email marketing provider. Data stored may include name, email address and location based off IP. Mailchimp Privacy Policy.

  • Mailerlite. Our email marketing provider. Data stored may include name, email address and location based off IP. MailerLite Privacy Policy.

  • TinyLetter. Newsletter provider. Data stored may include name, email address and location based off IP. TinyLetter Privacy Policy.

  • Siteground. Our website hosting service provider that provides the physical infrastructure to serve HERO Movement. Siteground Privacy Policy.

  • Cloudfare. Our current cloud data storage provider used for the secure storage and service of website data. Cloudfare Privacy Policy.

  • Defiant Inc. The providers of the Wordfence™ security software that protects our website. Only limited, technical data (such as device IP address, browser type/version, language etc) are transmitted. Wordfence Privacy Policy.

How we protect your data

  • Encryption technology. HERO Movement is hosted using a secure SSL certificate, serving the site and any data transferred across the site via an encrypted https:// protocol.

  • Security protocols. We a security plugin to minimise the risk of attacks on the website – limiting login attempts, blocking potentially malicious attempts to access the site, and regularly performing full system scans

  • Selected third party services. We minimise the use of third party services when it comes to data handling, and only use a selected, reputable few when serving the website and our services to you. Each core third party provider we work with has their own  Data Processing Agreement and Privacy policy in line with EU regulations. 

  • Offline protocols. We use numerous offline protocols to prevent data leakage – ensuring any devices that may house data are stored securely and are password protected. 

Accessing your personal data

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

[You can access your personal data by contacting luke[at]heromovement.net]

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law.
  • The processing is for direct marketing purposes
  • The personal data have been unlawfully processed

However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary:

  • For exercising the right of freedom of expression and information
  • For compliance with a legal obligation
  • For the establishment, exercise or defence of legal claims

In some circumstances you have the right to restrict the processing of your personal data.

Those circumstances are:

  • You contest the accuracy of the personal data
  • Processing is unlawful but you oppose erasure
  • We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims
  • You have objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, we may continue to store your personal data.

However, we will only otherwise process it:

  • With your consent
  • For the establishment, exercise or defence of legal claims
  • For the protection of the rights of another natural or legal person
  • For reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data by contacting us at luke[at]heromovement.net

What personal data we collect
and why we collect it

WordPress Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

  • If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

  • If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

  • When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

  • If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

  • Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.

  • Please note that blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you may not be able to use all the features on our website.

The legal basis for this processing is consent OR our legitimate interests – namely the proper administration of our website and services. 

other WordPress data

  • Comments. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. Visitor comments may be checked through an automated spam detection service. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

  • Media. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

  • Embedded content from other websites. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

  • Contact forms. To create contact forms on WordPress we use Ninja Forms. When you complete one of the contact forms on our site, we may request a number of pieces of personal information – such as your name, email address and other contact details. This is obviously required for us to respond to your request, and data is only processed if you submit an online form. Ninja Forms Privacy Policy.
The legal basis for this processing is consent OR our legitimate interests – namely the proper administration of our website and services. 

Google analytics
and other google data

We use the Google Analytics plugin to gain a better understanding with regards to how people use our website. 

  • Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/

  • When people visit HERO Movement, data regarding their visit (such as which pages they browse and how long they spend on each page) is sent via an anonymous form to Google Analytics. 

  • Personally identifiable information is never contained in the data sent to Google – there is no way to identify individuals from the data.

  • As analytics information is not personal data, we do not currently ask for your prior consent to collect this.

Other Google services we use at HERO Movement include:

  • Google Fonts: To ensure our website content is displayed in a clear and consistent fashion across a variety of devices and browsers.

  • Google Recaptcha: A security measure to prevent the abuse of contact forms by bots and automated programs.

  • Google Forms. If you choose to submit a feedback form or questionnaire, this may be used to collect anonymous data to improve our services (the type of content you like, the format of that content and potential services you may be interested in). If you are a paying online coaching client, data such as name, email address, contact details and any information related to your goals and medical conditions may also be stored to allow us to provide a service that is both safe and tailored towards your aims.

The legal basis for this processing is consent OR our legitimate interests – namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

 

Email Marketing Data

At HERO Movement we use Mailchimp as our email marketing provider. If you opt into our email newsletter, Mailchimp securely stores:

  • Your Name & Email. Used to provide newsletter updates and marketing messages, based on your chosen preferences. In some cases, if you choose to submit your name, this may be used to personalise messages to you.

  • Marketing interests & preferences. When you signup to ur newsletter, you can opt to select areas you are particularly interested in learning more about (Movement, Nutrition, Mindfulness, Adventure, Minimalism etc). This information is used to enhance our ability to provide you with content and services that are more tailored to your needs. Alongside this, you can select your preferences with regards to the type of emails you would like to receive from us – newsletter updates with free content, and/or emails about products and services.

  • IP Address. IP addresses do not allow us in any way to identify you as an individual, but can give a rough estimation of a country of residence. Mailchimp collects this data during the signup process when you submit an optin form. This data can be used to target email campaigns specific to a particular area (e.g highlighting a worskshop coming to a specific country)

MailChimp has certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.

Furthermore, at HERO Movement we strive to use GDPR friendly opt-in forms to ensure you know exactly what you are signing up for, how your data will be used, and how you can opt out at any point in time.

The legal basis for this processing is consent OR our legitimate interests – namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. 

IP Address data

When you visit HERO Movement a record of your visit is logged in our servers, and typically this record will include the technical ‘IP’ address that is associated with your device and the browser type and version that you are using. 

This is a common practice used to improve site performance and to detect and prevent any potentially malicious or fraudulent activity.

The legal basis for this data processing is our legitimate interests – namely monitoring and improving our website and services.

Credits

This document was created using a Contractology template, along with a template from SEQ Legal LLP, and design inspiration from Black Box Design

📲 The Hero App. Build heroic strength, mobility & endurance. Get all my programs, 1000’s of workouts & 150+ coaches in one place. Try your first month for $1