DATA PROTECTION AND PRIVACY STATEMENT
We are fully committed to full compliance with the requirements of the Data Protection Act 1998.
We have a Data Protection Policy to ensure that the Company, and people working on its behalf
(including employees, temporary staff, contractors, volunteers, consultants, partners and their staff)
are aware of their obligations under the Data Protection Act 1998 and comply fully with that Act.
STATEMENT OF POLICY
We need to collect and use information about our members in order to operate and carry out our
functions. These may include members of the public; current, past and prospective employees;
members; customers and suppliers. In addition, we may be required by law to collect and use
information in order to comply with the requirements of central government. We must handle this
information properly, however it is collected, recorded and used, whether it is on paper, in
computer records or recorded by other means.
Treating information lawfully and appropriately is very important to our successful operations, and
essential to maintaining confidence between us and those with whom we carry out business. We
fully endorse and adhere to the Principles of the Data Protection Act 1998.
HANDLING PERSONAL/SENSITIVE DATA
â€¢ Use personal data in an efficient and effective way to deliver better services
â€¢ Strive to collect and process only the data or information which is needed
â€¢ Use personal data only for those purposes described when we collect it, or for purposes
which are legally permitted
â€¢ Strive to ensure information is accurate
â€¢ Only keep information for as long as necessary
â€¢ Securely destroy data which is no longer needed
â€¢ Ensure the appropriate technical and organisational security measures are in place to
safeguard information (including unauthorised or unlawful processing and accidental loss or
damage of data)
â€¢ Ensure information is not transferred abroad without suitable safeguards
â€¢ Ensure the public are informed about their rights to access information
â€¢ Ensure that the rights of people about whom we hold information can be fully exercised
under the Data Protection Act 1998
Rights under the Data Protection Act 1998 include:
â€¢ The right to access personal information within 40 days of request
â€¢ The right to prevent processing in certain circumstances
â€¢ The right to correct, rectify, block or erase information regarded as wrong information
THE PRINCIPLES OF DATA PROTECTION
The Data Protection Act says that anyone processing personal data must comply with 8 principles of
good practice. These principles are legally enforceable.
In summary, they require that personal data:
â€¢ Is processed fairly and lawfully and is not processed unless specific conditions are met
â€¢ Is obtained only for one or more specified and lawful purposes and is not processed in any
manner incompatible with that purpose or purposes
â€¢ Is adequate, relevant and not excessive in relation to the purpose or purposes for which it is
â€¢ Is accurate and kept up to date
â€¢ Is not kept for longer than is necessary for the purpose or purposes
â€¢ Is processed in accordance with the rights of data subjects under the Act
â€¢ Is kept secure
â€¢ Is not transferred to a country or territory outside the European Economic Area, unless that
country or territory ensures an adequate level of data protection
WHAT TYPE OF INFORMATION IS COLLECTED FROM
The personal information we collect might include your name, address, e-mail address, mobile
phone number and date of birth.
If you join one of our gyms, we may also ask for a fingerprint scan, as a condition of membership.
This provides additional security for us and you that the person entering the gym is the registered
â€¢ We do not store your fingerprint. We create a unique encrypted code from your fingerprint.
The system charts the distance between certain ridges of a fingerprint and converts the
information into an encrypted binary code.
â€¢ There is no way to generate an image of your fingerprint from the scan taken.
â€¢ The encrypted code is stored securely on our server.
â€¢ This code is only recognised by our systems. It cannot be accessed or used by any third party
outside of our access systems.
Your payment information is not held by us, it is collected by our third party payment processors,
who specialise in the secure online capture and processing of credit/debit card transactions.
HOW DO WE USE YOUR DATA?
We use information held about you in the following ways:
â€¢ To ensure that you can use our services;
â€¢ To process a gym membership application;
â€¢ To process orders that you have submitted;
â€¢ To carry out our obligations arising from any contracts entered into by you and us;
â€¢ To seek your views or comments on the services we provide;
â€¢ To notify you of changes to our services;
â€¢ To send you communications which you have requested and that may be of interest to you.
These may include campaigns, appeals, fundraising, promotions;
â€¢ To process a job application.
â€¢ To allow you to participate in interactive features of our service, including online systems.
WHO HAS ACCESS TO YOUR INFORMATION?
â€¢ We will not sell or rent your information to third parties.
â€¢ We will not share your information with third parties for their marketing purposes.
The 24/7 Fitness Group
We may disclose your personal information to any member of our group, which means our
subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK
Companies Act 1985.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents subcontractors and other
associated organisations for the purposes of completing tasks and providing services to you on our
behalf (for example our membership systems and to send you e-mail or text message
communication). However, when we use third party service providers, we disclose only the personal
information that is necessary to deliver the service and we have a contract in place that requires
them to keep your information secure and not to use it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties beyond the 24/7
Fitness Group for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of
prevention of fraud or other crime.
When you are using our secure online payment pages, your payment is processed by a third party
payment processor, who specialises in the secure online capture and processing of credit/debit card
transactions. If you have any questions regarding secure transactions, please contact us.
We may transfer your personal information to a third party as part of a sale of some or all of our
business and assets to any third party or as part of any business restructuring or reorganisation, or if
weâ€™re under a duty to disclose or share your personal data in order to comply with any legal
supporters and customers. However, we will take steps with the aim of ensuring that your privacy
rights continue to be protected.
You have a choice about whether or not you wish to receive information from us. If you do not want
to receive direct marketing communications from us about your local gym and our exciting products
and services, then you can select your choices by ticking the relevant boxes situated on the form on
which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have
given your prior consent. You can change your marketing preferences at any time by contacting us
by email: firstname.lastname@example.org
HOW YOU CAN ACCESS AND UPDATE YOUR
The accuracy of your information is important to us. Weâ€™re working on ways to make it easier for
you to review and correct the information that we hold about you. In the meantime, if you change
email address, or any of the other information we hold is inaccurate or out of date, please email us
You have the right to ask for a copy of the information 24/7 Fitness hold about you.
When you give us personal information, we take steps to ensure that itâ€™s treated securely. Any
sensitive information (such as credit or debit card details) is encrypted and protected with SSL.
When you are on a secure page, a lock icon will appear on the bottom of web browsers such as
Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this
can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal
information, we cannot guarantee the security of any information you transmit to us, and you do so
at your own risk. Once we receive your information, we make our best effort to ensure its security
on our systems.
Where we have given (or where you have chosen) a password which enables you to access certain
parts of our websites, you are responsible for keeping this password confidential. We ask you not to
share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so
that we can contact you with information relevant to you. We may make use of additional
information about you when it is available from external sources to help us do this effectively. We
may also use your personal information to detect and reduce fraud.
USE OF 'COOKIES'
information sent by an organisation to your computer and stored on your hard drive to allow that
website to recognise you when you visit. They collect statistical data about your browsing actions
country preference. This helps us to improve our website and deliver a better more personalised
It is possible to switch off cookies by setting your browser preferences. For more information on
how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may
result in a loss of functionality when using our website.
LINKS TO OTHER WEBSITES
applies only to our websiteâ€š so we encourage you to read the privacy statements on the other
websites you visit. We cannot be responsible for the privacy policies and practices of other sites
even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the
privacy policies and practices of the owners and operators of that third party site and recommend
that you check the policy of that third party site.
TRANSFERRING YOUR INFORMATION OUTSIDE OF
As part of the services offered to you through this website, the information which you provide to us
may be transferred to countries outside the European Union (â€œEUâ€?). By way of example, this may
happen if any of our servers are from time to time located in a country outside of the EU. These
countries may not have similar data protection laws to the UK. By submitting your personal data,
youâ€™re agreeing to this transfer, storing or processing. If we transfer your information outside of the
EU in this way, we will take steps to ensure that appropriate security measures are taken with the
aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside
the EU in order to provide you with those services.
Google Analytics is used to analyse traffic to this website.
REVIEW OF THIS POLICY
We keep this Policy under regular review. This Policy was last updated in October 2017.