Gold’s Gym (UK) Limited (the Company, we, us or our) (company number: 04100418) of 29-30 Fitzroy Square, London, W1T 6LQ. The Company operates this website (www.www.goldsgym.co.uk) (the website).
Application of this policy
This policy applies to the personal data we process in relation to members, former members and individuals who are on our mailing list and to the use of that personal data in any form – whether oral, electronic or written.
For the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together the data protection legislation). The controller of the personal data you provide to us is the Company.
In accordance with data protection legislation we are required to collect and process your personal data lawfully, fairly and in a transparent manner. This includes providing you with the information set out in this policy.
What Personal Data do we Collect from You?
The term “personal data” in this policy refers to data that does or can identify you as an individual either directly or indirectly.
The types of personal data that we process include, but are not limited to:
name, address, email address, telephone number, date of birth, gender, emergency contact information;
bank details for payment;
data captured on security systems including CCTV and turnstiles on entry into gym;
details of your visits to the website (including traffic data) and the resources that you access; and
we may occasionally take photographs or videos in our gyms for use on the website, on social media and in other marketing materials. If we do this we will ask you whether you are happy to be on the photograph/video and will not publish it without your consent.
Special Categories of Personal Data
There may be instances in which the personal data that you provide to us or we collect is considered to be special categories of personal data under data protection law. Special categories of personal data can include racial or ethnic origin; genetic data; biometric data for the purpose of identifying an individual; data concerning health or data concerning your sex life or sexual orientation.
Please note that we require certain personal data (including special categories of personal data which relates to your health status and your biometric data) in order to be able to provide you with access to the gym and for health and safety reasons. If you do not provide such information, this may impact our ability to offer the use of our services to you. Where we process special categories of personal data, we will ask you for your explicit consent in order to do this.
If you volunteer information to us that contains special categories of personal data, you will be regarded as giving your explicit consent to us processing it. We will seek to confirm with you that this is the case unless we have a legitimate reason for not doing so.
We collect personal data directly from you when you complete our forms, we contact you or you contact us, whether submitted on the website, electronically or in person.
How We Use Your Personal Data
We process personal data concerning members and those on our mailing list for a number of reasons which relate to providing our gym services to that member. These reasons include:
administering and managing your membership to the gym;
communicating with you, including to send marketing to you in respect of products, services and offers, which we feel will be of interest to you (unless you have opted out of receiving such marketing communications);
maintaining and improving the website; and
complying with applicable laws (g., laws governing health and safety and having in place appropriate insurance for our business activities).
The legal basis on which we rely for processing your data for these purposes is that the processing is necessary for the performance of a contract to which you are a party; complying with our legal obligations; and in order to fulfil our legitimate interests of providing you with an excellent standard of service, which includes providing you with information about products, services and offers that we feel will be of interest to you.
Where we send marketing communications by electronic means (such as phone, SMS or email) we will obtain your consent. Where you have provided consent, please note that you may withdraw it at any time. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
Monitoring in the Gym
There are CCTV cameras in operation within and around our gyms.
The legal basis on which we rely in respect of using CCTV is that this processing is necessary for the purposes of a legitimate interest pursued by the Company. For example, images recorded may be used for the following purposes:
to prevent and detect crime in our gyms;
to protect the health and safety of members, colleagues and visitors; and
to manage and protect our property and the property of our members, visitors and colleagues.
Where we Store your Data and Transfers
We store your personal data on our servers which are located within the European Economic Area (EEA), however, we may need to transfer data outside the EEA as a result of some of the service providers we use.
The main third parties we use are:
EZ Runner Systems, which is a company based in the UK that provides the Company with our Leisure Management System and web based booking system;
DataCash is a company based in the UK that provides the Company with payment services for online transactions;
Mailchimp is a company based in the US that provides email marketing services to the Company. Mailchimp will not send any marketing communications directly to you unless it is on our behalf.
TextAnywhere is a company based in the UK that provides SMS services to the Company. TextAnywhere will not send any marketing communications directly to you unless it is on our behalf.
Technogym which manufactures fitness equipment. Personal information may be stored to update you on your progress if you choose to opt in and use the interface built into the machines.
From time to time we may engage other third parties to provide us with services which we believe will ultimately benefit our members. Where we outsource the processing of your personal data to third parties or provide your personal data to third party service providers (this can include your data being transferred outside of the EEA), we oblige those third parties to protect your personal data in accordance with the terms and conditions of this policy and applicable data protection legislation, with appropriate security measures. Please ask us if you would like to see a copy of these agreements with third parties in respect of data transfers.
We reserve the right to disclose any personal data we have concerning you if we are required to do so by a court of law or requested to do so by the Police or a government body or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal data collected and to process such personal data to comply with accounting, tax rules, regulations and any specific record retention laws.
Protecting Your Personal Data
The personal data we collect from you is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuses or alteration of personal data and we are not responsible for any damages or liabilities relating to any such incidents which are outside our control. Where required under law, we will notify you of any such loss, misuse or alteration of personal data that may affect you, so that you can take the appropriate actions for the due protection of your rights.
How Long do we Store your Personal Data?
We retain CCTV images for up to 28 calendar days (club dependent and based on local system), however this period may be extended when we have a reason to investigate footage or have been requested to retain the footage by the Police, for example.
We will retain your personal data for up to seven years starting the day after your membership ends, after which point the personal data will be destroyed. If you are not a member but you have agreed to receive marketing from us, we will hold your contact details for marketing purposes for a reasonable period or unless you request otherwise.
Your personal data is protected under data protection laws and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
Right of access – You have a right to access the personal data we hold about you upon request. This is known as a "Data Subject Access Request". You can exercise this right by making a request in writing, by email or by telephone using the contact details in the contact section below.
Right of rectification – You can ask us to correct or update your personal data to ensure it is accurate and complete.
Right to erasure and right to restrict processing – You can ask us to stop processing and/or to delete your personal data in certain circumstances (for example, where it is processed with your consent, or it is no longer necessary for us to process it).
Right to data portability – You have a right to ask us to provide you with your personal data in a form that suits you, and/or to provide your information to a third party.
Right to object – You have a right to object to our processing of your personal data.
Profiling and automated decisions – You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling. We do not undertake any automated decision making or profiling which produces legal effects or significantly affects our members or those on our mailing list.
Right to object to direct marketing – Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the link to "unsubscribe" provided in each email and SMS we send to you. Please allow a few days for us to action your request.
Contact and Complaints
If you have any questions, would like to exercise any of your rights, please contact the Data Controller by:
Writing to us at: Gold’s Gym, 1 Manor Parade, Sheepcote Road, Harrow,Middlesex,HA1 2JN;
Emailing us at: firstname.lastname@example.org; or
Calling us on: 0208 901 6161.
Please note that you also have the right to lodge a complaint with the ICO by writing to Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; or telephoning 0303 123 1113. For further information, the ICO's website can be accessed at www.ico.org.uk.
Links to other Websites
Security and Liability
In order to comply with our obligations under Data Protection law, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any payment transactions will be encrypted using SSL technology.
Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.
Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.
We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our online services which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.
We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.
Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on our website, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which is displayed on or is otherwise available from our website or any third party websites or services which you can access from our site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.
If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.
Where we have given you a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Whilst we take all reasonable steps to ensure that our website continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the website or for reasons beyond our control. We are not responsible to you if the website is unavailable.