Gold’s Gym (UK) Limited (the Company, we, us or our) (company number: 04100418) of 29-30 Fitzroy Square, London, W1T 6LQ. The Company operates this website (www.goldsgym.co.uk) (the website).
Application of this policy
This policy applies to the personal data we process in relation to members, former members and individuals who are on our mailing list and to the use of that personal data in any form – whether oral, electronic or written.
For the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together the data protection legislation). The controller of the personal data you provide to us is the Company.
In accordance with data protection legislation we are required to collect and process your personal data lawfully, fairly and in a transparent manner. This includes providing you with the information set out in this policy.
What Personal Data do we Collect from You?
The term “personal data” in this policy refers to data that does or can identify you as an individual either directly or indirectly.
The types of personal data that we process include, but are not limited to:
Special Categories of Personal Data
There may be instances in which the personal data that you provide to us or we collect is considered to be special categories of personal data under data protection law. Special categories of personal data can include racial or ethnic origin; genetic data; biometric data for the purpose of identifying an individual; data concerning health or data concerning your sex life or sexual orientation.
Please note that we require certain personal data (including special categories of personal data which relates to your health status and your biometric data) in order to be able to provide you with access to the gym and for health and safety reasons. If you do not provide such information, this may impact our ability to offer the use of our services to you. Where we process special categories of personal data, we will ask you for your explicit consent in order to do this.
If you volunteer information to us that contains special categories of personal data, you will be regarded as giving your explicit consent to us processing it. We will seek to confirm with you that this is the case unless we have a legitimate reason for not doing so.
We collect personal data directly from you when you complete our forms, we contact you or you contact us, whether submitted on the website, electronically or in person.
How We Use Your Personal Data
We process personal data concerning members and those on our mailing list for a number of reasons which relate to providing our gym services to that member. These reasons include:
The legal basis on which we rely for processing your data for these purposes is that the processing is necessary for the performance of a contract to which you are a party; complying with our legal obligations; and in order to fulfil our legitimate interests of providing you with an excellent standard of service, which includes providing you with information about products, services and offers that we feel will be of interest to you.
Where we send marketing communications by electronic means (such as phone, SMS or email) we will obtain your consent. Where you have provided consent, please note that you may withdraw it at any time. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
Monitoring in the Gym
There are CCTV cameras in operation within and around our gyms.
The legal basis on which we rely in respect of using CCTV is that this processing is necessary for the purposes of a legitimate interest pursued by the Company. For example, images recorded may be used for the following purposes:
to prevent and detect crime in our gyms;
to protect the health and safety of members, colleagues and visitors; and
to manage and protect our property and the property of our members, visitors and colleagues.
Where we Store your Data and Transfers
We store your personal data on our servers which are located within the European Economic Area (EEA), however, we may need to transfer data outside the EEA as a result of some of the service providers we use.
The main third parties we use are:
From time to time we may engage other third parties to provide us with services which we believe will ultimately benefit our members. Where we outsource the processing of your personal data to third parties or provide your personal data to third party service providers (this can include your data being transferred outside of the EEA), we oblige those third parties to protect your personal data in accordance with the terms and conditions of this policy and applicable data protection legislation, with appropriate security measures. Please ask us if you would like to see a copy of these agreements with third parties in respect of data transfers.
We reserve the right to disclose any personal data we have concerning you if we are required to do so by a court of law or requested to do so by the Police or a government body or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal data collected and to process such personal data to comply with accounting, tax rules, regulations and any specific record retention laws.
Protecting Your Personal Data
The personal data we collect from you is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuses or alteration of personal data and we are not responsible for any damages or liabilities relating to any such incidents which are outside our control. Where required under law, we will notify you of any such loss, misuse or alteration of personal data that may affect you, so that you can take the appropriate actions for the due protection of your rights.
How Long do we Store your Personal Data?
We retain CCTV images for up to 30 calendar days (club dependent and based on local system), however this period may be extended when we have a reason to investigate footage or have been requested to retain the footage by the Police, for example.
We will retain your personal data for up to seven years starting the day after your membership ends, after which point the personal data will be destroyed. If you are not a member but you have agreed to receive marketing from us, we will hold your contact details for marketing purposes for a reasonable period or unless you request otherwise.
Your personal data is protected under data protection laws and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
Contact and Complaints
If you have any questions, would like to exercise any of your rights or make a complaint about how your personal data is managed, please contact the Data Controller by:
Writing to us at: Gold’s Gym, 1 Manor Parade, Sheepcote Road, Harrow,Middlesex,HA1 2JN;
Emailing us at: firstname.lastname@example.org; or
Calling us on: 0208 901 6161.
Please note that you also have the right to lodge a complaint with the ICO by writing to Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; or telephoning 0303 123 1113. For further information, the ICO’s website can be accessed at www.ico.org.uk.
Links to other Websites
Security and Liability
In order to comply with our obligations under Data Protection law, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any payment transactions will be encrypted using SSL technology.
Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.
Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.
We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our online services which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.
We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.
Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on our website, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which is displayed on or is otherwise available from our website or any third party websites or services which you can access from our site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.
If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.
Where we have given you a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Whilst we take all reasonable steps to ensure that our website continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the website or for reasons beyond our control. We are not responsible to you if the website is unavailable.