Privacy and Data Protection Policy

Privacy Policy

Privacy Policy


We are fully committed to full compliance with the requirements of the Data Protection Act 1998. We have a Data Protection Policy to ensure that the Company, and people working on its behalf (including employees, temporary staff, contractors, volunteers, consultants, partners and their staff) are aware of their obligations under the Data Protection Act 1998 and comply fully with that Act. 


We need to collect and use information about our members in order to operate and carry out our functions. These may include members of the public; current, past and prospective employees; members; customers and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of central government. We must handle this information properly, however it is collected, recorded and used, whether it is on paper, in computer records or recorded by other means. Treating information lawfully and appropriately is very important to our successful operations, and essential to maintaining confidence between us and those with whom we carry out business. We fully endorse and adhere to the Principles of the Data Protection Act 1998. 


We will: 
- Use personal data in an efficient and effective way to deliver better services 
- Strive to collect and process only the data or information which is needed 
- Use personal data only for those purposes described when we collect it, or for purposes which are legally permitted 
- Strive to ensure information is accurate 
- Only keep information for as long as necessary 
- Securely destroy data which is no longer needed 
- Ensure the appropriate technical and organisational security measures are in place to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data) 
- Ensure information is not transferred abroad without suitable safeguards 
- Ensure the public are informed about their rights to access information 
- Ensure that the rights of people about whom we hold information can be fully exercised under the Data Protection Act 1998 

Rights under the Data Protection Act 1998 include: 
- The right to access personal information within 40 days of request 
- The right to prevent processing in certain circumstances 
- The right to correct, rectify, block or erase information regarded as wrong information 


The Data Protection Act says that anyone processing personal data must comply with 8 principles of good practice. These principles are legally enforceable. In summary, they require that personal data: 
- Is processed fairly and lawfully and is not processed unless specific conditions are met 
- Is obtained only for one or more specified and lawful purposes and is not processed in any manner incompatible with that purpose or purposes 
- Is adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed 
- Is accurate and kept up to date 
- Is not kept for longer than is necessary for the purpose or purposes 
- Is processed in accordance with the rights of data subjects under the Act 
- Is kept secure 
- Is not transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection 


The personal information we collect might include your name, address, e-mail address, mobile phone number and date of birth. 


If you join one of our gyms, we may also ask for a fingerprint scan, as a condition of membership. This provides additional security for us and you that the person entering the gym is the registered member. 
- We do not store your fingerprint. We create a unique encrypted code from your fingerprint. The system charts the distance between certain ridges of a fingerprint and converts the information into an encrypted binary code. 
- There is no way to generate an image of your fingerprint from the scan taken. 
- The encrypted code is stored securely on our server. 
- This code is only recognised by our systems. It cannot be accessed or used by any third party outside of our access systems. 

Payment information 

Your payment information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions. 


We use information held about you in the following ways: 
- To ensure that you can use our services; 
- To process a gym membership application; 
- To process orders that you have submitted; 
- To carry out our obligations arising from any contracts entered into by you and us; 
- To seek your views or comments on the services we provide; 
- To notify you of changes to our services; 
- To send you communications which you have requested and that may be of interest to you. These may include campaigns, appeals, fundraising, promotions; 
- To process a job application. 
- To allow you to participate in interactive features of our service, including online systems. 


- We will not sell or rent your information to third parties. 
- We will not share your information with third parties for their marketing purposes. 

The 24/7 Fitness Group 

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985. 

Third Party Service Providers working on our behalf 

We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example our membership systems and to send you e-mail or text message communication). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the 24/7 Fitness Group for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. 

When you are using our secure online payment pages, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us. 

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected. 


You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about your local gym and our exciting products and services, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: 


The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at You have the right to ask for a copy of the information 24/7 Fitness hold about you. 


When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. 

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 


We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud. 


Like many other websites, the 24/7 Fitness website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service. It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website. 


Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site. 


As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU�). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.


Google Analytics is used to analyse traffic to this website. 


We keep this Policy under regular review. This Policy was last updated in October 2017.