Gymbox - PT added me on Facebook

steampowered

ThumbRemote wrote: »

You really don't have a clue what GDPR is about, so probably best to stop making things up.

Consumers must consent to how their data is used. Even if a customer gives you a phone number, you need to be clear about how you are going to use that. You certainly can't just use it to look people up online.

I am afraid you are incorrect on this one.

Organisations do not need consent to process personal data to market to their existing customers. The justification for processing in this scenario is 'legitimate interest'.

I would refer you to Recital 47 of the GDPR (note that the Recitals to European legislation are part of the legislation and legally binding) which specifically states that 'the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest'.

The PT is permitted under the GDPR to contact members of the gym (whether through text, email, facebook, whatever) to see if they might want to book PT sessions.

If the Op doesn't want to be contacted all they have to do is decline the friend request.

steampowered

marliepanda wrote: »

I really doubt this would fit, unless you expect every self employed window cleaner/PT/plumber to say 'I now have your phone number, freely given. Can I use this to text you? Sign here. Can I use this to call you? Sign here. Can I use this to speak to you on Whatsapp (only needs a number)? Sign here. Can I add you on facebook? Sign here.

Good point, and this is exactly why the GDPR (and the e-Privacy Directive, which regulates marketing in more detail than the GDPR) allows organisations to market to their existing customers without needing customer consent.

The ICO couldn't get involved even if they wanted to because there is no breach of law here.

takman

Deleted_User wrote: »

I recently joined Gymbox, and took advantage of my free PT session - however following this, the PT decided to add me on Facebook. I had only shared my first name and phone number with him at this point so felt quite uncomfortable that he had then decided to add me so I called the gym to cancel my membership and let them know why.

If people adding you makes you "uncomfortable" they why haven't you changed your setting to only allow friend requests from "friends of friends". This is what the privacy settings are for so use them!.

[Deleted User]

BoGoF wrote: »

I'm sure there is more to this story than has been divulged. OP happy to give her phone number to this guy originally.........

I actually suspect the OP saw this as an excuse to wriggle out of her gym contract. It seems to have backfired when the gym offered to sack the individual concerned, hence the OP being loathe to identify the personal trainer as part of her "complaint"

I could be wrong...

reason2

Apparently i need to rephrase my response as the S word is banned.

I believe this OP to be acting in an overly sensitive and delicate way.
Mountain out of a mole hill..
Over reaction..

declining to accept a social media request is sufficient in this example and every one can easily move on with their lives without the need to get some sort of social sympathy.

m0bov

OP should have ignored the request, it does seem a little creepy, you are a client, the trainer is a professional. I'd not expect the trainer to want to view your holiday pics, "check ins" and other "social" activities. Would my dentist/GP/plumber do this?

You have a professional relationship with the trainer not a social one. I'd wonder if the gym has a code of conduct for their trainers.

Having said that, I wouldn't make a big deal out of it - switch to another trainer or just ignore it. They have your contact number, so no need to establish another method of communication.

Blackbeard_of_Perranporth

Deleted_User wrote: »

I recently joined Gymbox, and took advantage of my free PT session - however following this, the PT decided to add me on Facebook. I had only shared my first name and phone number with him at this point so felt quite uncomfortable that he had then decided to add me so I called the gym to cancel my membership and let them know why.

Gymbox then proceeded to put me in a very inappropriate position by asking me if I wanted him fired from them gym, they also repeatedly pressed me for his name however as he had already accessed some of my personal details I was reluctant to share this. The final stance from the gym manager has been that they can change my home club (which defeats the point of my membership anyway as I am not near any other clubs) and that the t&cs state that PTs are not employed by Gymbox anyway so it's not their problem - even though they walk around in branded tshirts

I feel super uncomfortable going back to the gym this month and did just want them to refund the months membership but they have refused - does anyone have advice on next steps I could take?

Thanks!

As far as I am aware, the recipient has to accept the friend request! So if you don't want to be found, don't use social networks, Hannah.


Just the other week on Buckface, I found in four clicks Mothers maiden name (Picture of a woman with her mother) and her sons name. Flicking through I found his birthday, that was not listed! Picture of his 21st Birthday, some three years previous. Easy?

[Deleted User]

Blackbeard_of_Perranporth wrote: »

Just the other week on Buckface, I found in four clicks Mothers maiden name (Picture of a woman with her mother) and her sons name. Flicking through I found his birthday, that was not listed! Picture of his 21st Birthday, some three years previous. Easy?

Yes and, for many people, there is not even any requirement to "Friend" that person in order to access that information. If someone values their privacy so much, I'd suggest them setting their Facebook to be inaccessible to (most) others or not using social media at all.

ThumbRemote

steampowered wrote: »

I am afraid you are incorrect on this one.

Organisations do not need consent to process personal data to market to their existing customers. The justification for processing in this scenario is 'legitimate interest'.

I would refer you to Recital 47 of the GDPR (note that the Recitals to European legislation are part of the legislation and legally binding) which specifically states that 'the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest'.

The PT is permitted under the GDPR to contact members of the gym (whether through text, email, facebook, whatever) to see if they might want to book PT sessions.

If the Op doesn't want to be contacted all they have to do is decline the friend request.

steampowered wrote: »

Good point, and this is exactly why the GDPR (and the e-Privacy Directive, which regulates marketing in more detail than the GDPR) allows organisations to market to their existing customers without needing customer consent.

The ICO couldn't get involved even if they wanted to because there is no breach of law here.

It is interesting that you selectively quoted Recital 47. You omitted:

"At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place."
and
"The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing."

The key words are 'Reasonably expect'. If providing your phone number, you would reasonably expect to be contacted by phone/text - not by any other means. You would also expect to be contacted in a business capacity only.

See https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/

The ICO also makes it clear that any legitimate interest must have "a limited privacy impact", and states "it requires a risk assessment based on the specific context and circumstances to demonstrate that processing is appropriate." which I'd be amazed if it was done.

Blackbeard_of_Perranporth

Just FB'd Hannah Dee.


Interesting list with at least 6 with fully open profiles!