We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Gymbox - PT added me on Facebook
Options
Comments
-
Deleted_User wrote: »I feel super uncomfortable going back to the gym this month
Try super hard to get over it.0 -
Has he requested you as a friend or has he added to a facebook group for his clients,
You can decline a request, remove yourself from a group or unfriend a friend.0 -
It's a clear breach of the GDPRs. Suggest that the gym refund you the money, otherwise you'll report it to the Information Commissioners Office (ICO).
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/0 -
ThumbRemote wrote: »It's a clear breach of the GDPRs. Suggest that the gym refund you the money, otherwise you'll report it to the Information Commissioners Office (ICO).
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
Which part of GDPR involves using information freely given to a person being used to add someone on social media. The information wasn’t given to the gym, it was given to the PT.
I await with baited breath.0 -
I doubt OP will be back but it is still not clear what the PT actually did......did he send a friend request which op could have declined or did he add her to a client group or similar?
I'm sure there is more to this story than has been divulged. OP happy to give her phone number to this guy originally.........0 -
Lots of people have thousands of 'friends' on facebook, and its an automatic thing just to add new acquintances.Deleted_User wrote: »I recently joined Gymbox, and took advantage of my free PT session - however following this, the PT decided to add me on Facebook. I had only shared my first name and phone number with him at this point so felt quite uncomfortable that he had then decided to add me...
If you want to keep your account more private then I'd recommend having a good look at your privacy settings.0 -
marliepanda wrote: »Which part of GDPR involves using information freely given to a person being used to add someone on social media. The information wasn!!!8217;t given to the gym, it was given to the PT.
I await with baited breath.
Well, under Article 6 of GDPR it sets out the conditions for processing data in a lawful manner provided that one of the conditions applies. Of those conditions there are only two that seem to fit the bill:
"(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
The OP says she took advantage of a free PT session at the gym and offered up her name and telephone number, however the OP has not given an explanation as to the reasons why she handed this information over nor has she told us why the PT required this information. Taking the assumption that it was to arrange a time and date for the free PT session then Condition (a) above would apply but only in the sense that she has given her information for the specific purpose of arranging a time and date for the PT session. The OP has not suggested that she consented to the PT using that information other than to arrange (presumably) the free PT session.
So, by using the information the PT had been given by the OP to find and locate her on Facebook then that would suggest a breach of GDPR because it would fall outside of Condition (a) above. However, you might say that using her information to add her on Facebook is to pursue a legitimate interest i.e. offer cheaper sessions than what is being offered at Gymbox, but is it strictly necessary? Probably not because the PT had her number and if he wanted to offer cheaper sessions he could have done so by sending her a text message or he could have called her instead - it was not strictly necessary to find her on Facebook and add her for that specific reason when there were other methods of achieving the same thing. If the PT wanted to add her to the PT's Facebook group of clients then again he could have contacted her by phone or text message or, he could have sent her a message (assuming this was possible) on Facebook prior to adding her as a friend.
I know a few female friends who have signed up to the gym who have been added by their PT's after doing sessions with them thinking it was no harm and that they might have wanted to offer cheaper sessions or join their PT's Facebook group but instead they were being harassed or asked to go out for drinks on dates etc. I don't think it would be fair to automatically assume the PT's intentions either way.
Of course, there is also the issue as to whether the PT (or Gymbox) had explained to the OP what they would be using her data for. If it was made clear that the PT might add clients on Facebook then that should be clearly explained and the reasons why in the privacy notice.
I wouldn't agree with ThumbRemote entirely that it "is a clear breach of GDPR" because there are some gaps in the information supplied by the OP. But in the absence of those missing gaps of information, it would on the face of it, seem to suggest that the OP didn't get her permission for the PT to use her data in the way that he did and that would indicate a breach of GDPR.
Whether the OP is over-reacting, we are all different and perhaps she has had a bad experience with PT's previously doing the same thing? We are all different and whilst it may seem harmless, it still isn't right for someone to just do that if they haven't got their consent.0 -
So, by using the information the PT had been given by the OP to find and locate her on Facebook then that would suggest a breach of GDPR because it would fall outside of Condition (a) above. However, you might say that using her information to add her on Facebook is to pursue a legitimate interest i.e. offer cheaper sessions than what is being offered at Gymbox, but is it strictly necessary? Probably not because the PT had her number and if he wanted to offer cheaper sessions he could have done so by sending her a text message or he could have called her instead - it was not strictly necessary to find her on Facebook and add her for that specific reason when there were other methods of achieving the same thing. If the PT wanted to add her to the PT's Facebook group of clients then again he could have contacted her by phone or text message or, he could have sent her a message (assuming this was possible) on Facebook prior to adding her as a friend.
I know a few female friends who have signed up to the gym who have been added by their PT's after doing sessions with them thinking it was no harm and that they might have wanted to offer cheaper sessions or join their PT's Facebook group but instead they were being harassed or asked to go out for drinks on dates etc. I don't think it would be fair to automatically assume the PT's intentions either way.
Of course, there is also the issue as to whether the PT (or Gymbox) had explained to the OP what they would be using her data for. If it was made clear that the PT might add clients on Facebook then that should be clearly explained and the reasons why in the privacy notice.
I wouldn't agree with ThumbRemote entirely that it "is a clear breach of GDPR" because there are some gaps in the information supplied by the OP. But in the absence of those missing gaps of information, it would on the face of it, seem to suggest that the OP didn't get her permission for the PT to use her data in the way that he did and that would indicate a breach of GDPR.
Whether the OP is over-reacting, we are all different and perhaps she has had a bad experience with PT's previously doing the same thing? We are all different and whilst it may seem harmless, it still isn't right for someone to just do that if they haven't got their consent.
I really doubt this would fit, unless you expect every self employed window cleaner/PT/plumber to say 'I now have your phone number, freely given. Can I use this to text you? Sign here. Can I use this to call you? Sign here. Can I use this to speak to you on Whatsapp (only needs a number)? Sign here. Can I add you on facebook? Sign here.
If anyone thinks the ICO would give two hoots about someone with a name and number given to them personally, not their umbrella company, adding them on facebook, they really think they have nothing else to do...0 -
marliepanda wrote: »I really doubt this would fit, unless you expect every self employed window cleaner/PT/plumber to say 'I now have your phone number, freely given. Can I use this to text you? Sign here. Can I use this to call you? Sign here. Can I use this to speak to you on Whatsapp (only needs a number)? Sign here. Can I add you on facebook? Sign here.
If anyone thinks the ICO would give two hoots about someone with a name and number given to them personally, not their umbrella company, adding them on facebook, they really think they have nothing else to do...
You really don't have a clue what GDPR is about, so probably best to stop making things up.
Consumers must consent to how their data is used. Even if a customer gives you a phone number, you need to be clear about how you are going to use that. You certainly can't just use it to look people up online.
If the trainer has tried to add them as a personal friend, rather than to a business page, that's an even more serious GDPR issue as it's very likely a data breach.
And yes, your first paragraph is exactly what the GDPR does require. Consent for how your data is to be used.0 -
ThumbRemote wrote: »You really don't have a clue what GDPR is about, so probably best to stop making things up.
Consumers must consent to how their data is used. Even if a customer gives you a phone number, you need to be clear about how you are going to use that. You certainly can't just use it to look people up online.
If the trainer has tried to add them as a personal friend, rather than to a business page, that's an even more serious GDPR issue as it's very likely a data breach.
And yes, your first paragraph is exactly what the GDPR does require. Consent for how your data is to be used.
GDPR is mostly to do with how data is stored, rather than used. Its not the catch all 'delete me off your system!' everyone is scared of. Its not to be used in utterly pointless situations like this.
However I 100% implore thew OP to report this to the ICO. They'll be all over it. Fines for everyone involved in this horrorshow.0
![[Deleted User]](https://us-noi.v-cdn.net/6031891/uploads/defaultavatar/nFA7H6UNOO0N5.jpg)
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.3K Mortgages, Homes & Bills
- 177K Life & Family
- 257.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards