Privacy and Data Protection Policy

Privacy Notices

Privacy Notices

Website

This privacy notice tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

How we use your information 

When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better. Some of the cookies we use are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. These cookies are shown below.


As well as the cookies we use, various third parties also place them on your computer, with your consent. These are shown below.

Memberships

This privacy notice tells you about the information we collect from you when you purchase one or more of our products or services via our website or in-club, and when you access our facilities through your membership. In collecting and processing this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

What personal data do we collect? 

When you purchase memberships or products from us, we may ask you for personal data including your name, address, gender, date of birth, contact telephone number and email address. Your payment information is not held by us, it is collected and stored securely by our third party payment processors, PayPal and DFC. PayPal is situated in the USA. They participate in the EU/US Privacy Shield agreement which commits them to providing adequate safeguards over your personal data. DFC is based in the UK. Our contract with these suppliers contains appropriate clauses to protect your information. 

We may ask for a fingerprint scan, as a condition of membership. This provides additional security for us and you that the person entering the gym is the registered member. 
  • We do not store your fingerprint. We create a unique encrypted binary code from your fingerprint. The system charts the distance between certain ridges of a fingerprint and converts the information into an encrypted binary code. 
  • There is no way to generate an image of your fingerprint from the scan taken. 
  • The encrypted code is stored securely on our server. 
  • This code is only recognised by our systems. It cannot be accessed or used by any third party outside of our access systems. 
We also collect data in our gyms through our CCTV system. Please see our CCTV privacy notice for more information. 

Why do we collect this information? 

We will use your information to process your order and to send you your membership details. We will send you a receipt via email. We may use your telephone number or email address to contact you regarding your purchase or your contract with us. This includes, but is not limited to, class booking confirmations, your website account information, and supporting health and fitness resources and programmes that may be of interest to you. We require this information in order to process your payment and fulfil our contract with you. 

What do we do with your information?

The information we capture is stored in our online system which is based with the UK. It is also shared with a number of third party processors, for the purpose of delivering our contractual obligations to you. The providers of these system are contractually bound to provide adequate safeguards over your personal data. These are shown below.

We do not use the information you provide to make any automated decisions that might affect you.

How long do we keep your membership information for? 

We keep your personal information for two years after your membership expires. The personal information associated with the membership will then be removed.

Marketing 

This privacy notice tells you about the information we collect from you when you sign up to receive marketing information via our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

What personal data do we collect? 

When you subscribe, we ask you for your name, your email address, telephone number, and the gym you are interested in. We may also ask you about your personal goals, including weight loss or general fitness.

Why do we collect this information? 

We will use your information to send you details of our products and services by email and/or SMS. These messages often includes special offers. We ask for your consent to do this, and we will only send you messages for as long as you continue to consent. 

What do we do with your information? 

This information is shared with a third party email management tool which is situated in the USA. They participate in the EU/US Privacy Shield agreement which commits them to providing adequate safeguards over your personal data. Your information is also shared with a third party SMS tool, which is based in the UK. Our contract with these suppliers contains appropriate clauses to protect your information. We will not use the information to make any automated decisions that might affect you. 

How long do we keep your marketing information for? 

Your information is kept for as long as you continue to consent to receive our messages. You can also ask us to stop using your information – the simplest way to do this is to withdraw your consent, which you can do at any time, either by clicking the unsubscribe link at the end of any email or SMS, or by emailing or writing to us using the contact details above.

Helpdesk 

 This privacy notice tells you about the information we collect from you when you submit an enquiry to us via our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

What personal data do we collect? 

When you submit an enquiry to us, we ask you for your name, your email address and a brief description of your enquiry. 

Why do we collect this information? 

We will use your information to respond to your enquiry and hopefully to provide you with the information you need. We do this in order to take steps at your request prior to entering into a contract i.e. as part of pre-sales activity, or as part of our contract with you i.e. post-joining support. 

What do we do with your information? 

Your information is stored in our website system, which is hosted in the UK. It is also shared with a third party helpdesk system, Zendesk, which is hosted in the USA. They participate in the EU/US Privacy Shield agreement which commits them to providing adequate safeguards over your personal data. Our contract with this supplier contains appropriate clauses to protect your information. We will read your message and normally respond to you either via telephone or via email. You will normally receive a follow-up message by email asking you to rate and review the support you have received from us. This helps us deliver the best possible service. We will not use the information to make any automated decisions that might affect you. 

How long do we keep your helpdesk information for? 

Your enquiry is kept in our website and helpdesk system for one year and then archived.

CCTV 

This privacy notice tells you about the information we collect about you via CCTV when you use our gyms. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

What personal data do we collect? 

Our gyms are monitored by CCTV 24 hours a day. 24/7 Fitness reserves the right for its employees and contractors to review footage as required and by entering any of our gyms you consent to your image being recorded and reviewed and waive any and all claims in relation to the same. 

All cameras are located in prominent positions within public and staff view and do not infringe on sensitive areas. All CCTV surveillance is automatically recorded and any breach of this siting policy will be detected via controlled access to the CCTV System and auditing of the CCTV System. 

The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained under contract. 

Prior to any camera installation we will ensure that the installation complies with this policy and that the use of any camera is justified, necessary and proportionate. We will regularly assess whether the use of any camera and the CCTV System as a whole continues to be justified, necessary and proportionate. 

Why do we collect this information? 

The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for: 

  1. the prevention or detection of crime or disorder, 
  2. apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), 
  3. interest of public and employee Health and Safety,
  4. protection of public health
  5. the protection of the our property and assets. 

What do we do with your information? 

Recorded CCTV footage will be stored securely and retained in compliance with the GDPR. All images are digitally recorded and stored securely within the system’s hard drives. Viewing of images within the system is controlled by the Data Protection Officer or a person nominated to act on their behalf. Only persons trained in the use of the equipment can access data. How long do we keep your information for? Images are stored for a minimum of 14 days, and stored for no more than 40 days. 

Where the images are required for evidential purposes or disciplinary proceedings, a copy file will be moved to an access controlled confidential location on the network and held until completion of the investigation. 

Who has access to my information? 

Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved and the continuity of evidence remains intact should the images be required for evidential purposes e.g. a police enquiry or an investigation being undertaken as part of an internal procedure. Access to the medium on which the images are displayed and recorded is restricted to the Data Protection Officer, staff authorised by them and third parties as authorised from time to time for specific purposes. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected. 

Your rights over your CCTV data 

You have the right to request access to CCTV images which contain your personal data. This access request must be submitted formally in writing, with sufficient details to identify the section of footage with which you are concerned and to enable 24/7 Fitness to satisfy itself that the person making the request is the data subject of that specific recording. Upon receipt of the request, the Data Protection Officer, or another member of staff authorised by them, will determine whether disclosure is appropriate and whether there is a duty of care to protect the images of any third parties. If the duty of care cannot be discharged then the request can be refused. A written response will be made to the individual, giving the decision (and if the request has been refused, giving reasons) within 31 days of receipt of the request.

Your rights as a data subject 

  • By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. 
  • If we have asked for your consent to process your personal data, you may withdraw that consent at any time. 
  • If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider. 
  • If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased. 
  • You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully. 
  • Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling. 
To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the Who Are We section of this policy.

Your right to complain 

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF