We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer at email@example.com
What information do we collect and why?
The basis on which we collect and process your data is usually through consent. Sometimes there is a contractual reason, like being able to process a monthly direct debit payment. Occasionally there may be a legal reason for collecting data, such as for employees when we have to collect the information for the HMRC, or, should you have an accident, we may need to provide details of this to the relevant health and safety authorities. We may also process your data based on our legitimate business interests e.g. in order to operate and improve our business.
Why do we need your personal information?
We may need to use some information about you to:
- Deliver services and support to you;
- To carry out our obligations arising from any contracts entered into between you and us
- Manage those services we provide to you
- Service improvement
- Prevention/detection of crime/fraud
- Help investigate any complaints you have about our services
- Check the quality of our services
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information. Generally we collect and use personal information for the purposes of where:
- You are entering or have entered into a contract with us
- You, or your legal representative, have given consent
- It is necessary to protect someone in an emergency
- It is required by law
- You have made your information publicly available
- It is necessary for legal cases
- It is necessary for archiving, research, or statistical purposes
The information we collect may include any of the following:
Any personal details you give us
Information you type into our websites or provide to one of our colleagues such as when you become a member, create your profile, update your member profile, provide activity data from other devices, make a booking, sign up as a volunteer, visit one of our centres or visit any of our health services.
This information may include your personal contact data, fitness-related data which has been obtained in order to create personalised fitness workouts for you or health related data. We use this to provide you with the services you request, tell you about services you are eligible for, to keep in contact with you, manage your account and the services we provide. If you contact us by email, via the website, in person or by telephone we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry.
Information which allows us to recognise you
Such as a unique member ID number; storing this data saves you from re-entering your details again when you return to the booking website. Achieve Lifestyle can recognise you by your photograph as well, which also allows us to ensure that your card is not misused if lost or stolen and helps us identify you to ensure we support you on your activity journey.
Details of your transactions
We collect data for any transactions you carry out through our booking website and services, so that we can administer the services you have with us. Please note that we never store your payment details on our website.
Sensitive Health Data
We collect any personal health data you provide to us when registering and signing up for our fitness services. We collect this information to ensure we are offering you the right services and so your progress can be tracked by yourself and us. We may ask you for information about your health in order to recommend appropriate exercise regimes or offer our other services.
We will store your bank account number and sort code data where you have a Direct Debit mandate in place. When the Direct Debit mandate finishes we will remove this data from our operational systems within 28 days.
We process bank card information at the time we take payment. This data is not stored on our systems and is processed on Payment Card Industry Data Security Standard compliant banking systems.
Visitors to our website
When a user visits achievelifestyle.co.uk we collect standard internet log information and details of visitor patterns. We do this to find out things such as the number of visitors to different parts of our website and this tells us the information that is useful. We do not collect information that identifies anyone. We do not make any attempt to find out information on who is visiting our website. We do not collect personal information through our website.
Our websites contain links to various third party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
We will record customer comments and surveys about how we are performing
Other Sensitive data
Some information is ‘special’ and needs more protection due to its sensitivity. It is often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal information relating to your:
- Sexuality and sexual health
- Religious or philosophical beliefs
- Physical or mental health
- Genetic/biometric data
- Criminal history
We will only collect this type of information if it is necessary to your contract so that we can provide the right services to you.
We may at times need to share this information. We will only do this if we have your consent or if there are legal requirements for us to do so. We may receive information about you from other data controllers, such as the police who might tell us about a crime they are investigating where this impacts on your contract with us. If you give us this information about yourself when communicating with us, you do so because you consider it forms part of a legitimate interest for us to hold this information on our records.
If we ask for any sensitive personal data about you, we will always tell you why we need it and ask for your consent to hold it.
Your communications preferences.
We keep a record of any permissions and preferences you give us about what types of communication you are happy to receive from us.
Data relating to children
Our services are used by people of all ages. Achieve Lifestyle may collect personal information from individuals under the age of 16. Children aged under 16 years must have a parent or guardian’s consent before providing personal information to us. We do not wish to collect any personal information without this consent.
How do we store and protect your personal information?
We store personal information both electronically and in paper form and we implement security policies, processes and technical security solutions to protect the personal information we hold from:
- Maintaining secure systems to protect your personal information
- Respecting your wishes about how we contact you, whether by post, telephone, email or text message
- Updating your information or preferences promptly when you ask us to
- Responding fully to requests from you to see the information that we hold on you.
- Not holding your personal information for longer than is necessary for our legitimate business purposes.
- Following strict procedures when storing or handling information that you have given us.
- Never selling your personal information to a third party.
When you contact us, we may ask you to provide us with some information so that we can confirm your identity. If other people (e.g. family members, support workers, solicitors) act on your behalf we will take steps to ensure that you have agreed for them to do so. This may include asking them to provide us with supporting information to indicate your consent. We do this to protect you and to make sure that other people cannot find things out about you that they are not entitled to know.
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes we will delete this information if you request.
Services provided by contracted third parties
Achieve Lifestyle may share information with third party organisations that provide specific services on our behalf. They may process data securely outside of the EEA. There is a contract in place with each third party which includes strict terms and conditions to protect your privacy.
Our current processing partners include Technogym and Legend.
NB: Use of services provided by our partners Technogym and Legend will be subject to the terms and conditions and/or Privacy Policies of these third party organisations. Please see the links to these third party terms:
Leisure and Health Partners
Achieve Lifestyle runs services on behalf of other organisations such as Local Authorities and NHS. Data may be shared with these organisations at a summary level, but not at a personable identifiable level. For our health related services, with your consent, we may share identifiable information with your GP and NHS services.
Achieve Lifestyle will never sell your personal information to any third party for marketing or other purposes.
How do we use your information?
We use your information to help us provide and improve our services for you. We may use your information in the following ways.
- To provide you with any services that you have purchased or receive free as part of your membership
- To check your identity
- To check your eligibility
- To update our records with any new information you give us
- To notify you if we will be unable to provide a service you have booked before
- To provide marketing communications (if you have given us your permission)
- For research and analysis so we can develop and improve our services for your benefit
- To tailor our communications to you to ensure relevance
- To comply with legal requirements.
- To safeguard users of our services
Who do we share your information with?
We may be required to share your personal information with the following:
We will share your personal information with local authorities usually for the purposes of providing services processed by that local authority
We may share your personal information with the police for the purposes of preventing or detecting a crime or fraud.
Safeguarding and Support Agencies
We may need to share your personal information with support agencies if we suspect that there may be safeguarding concerns about yourself or those who are your dependent(s). We will not tell you about this beforehand, we will take steps to only share that personal information which is necessary for the safeguarding purposes.
Debt Recovery Agents
We may share your personal information with debt recovery agents for the purposes of recovering any outstanding charges owed to us.
Legal Services and Partners
We may share your personal information with our legal services or solicitors if we are preparing or defending a legal claim.
Sometimes we have a legal duty to provide personal information to other organisations, this is often because we need to give that data to the police, courts, local authorities or government bodies.
How we use your telephone number
Text messages and contact via telephone provide a direct way to contact and share information with you about the services we can deliver to you. It can also help you to receive important messages about your membership, important site updates e.g. temporary closures and other services that we provide you.
If you provide your telephone number we may keep in contact with you by text.
Operational SMS/text messaging and calls
If you supply us with your telephone contact details, we may use them to call or send you operational text messages.
Examples of operational text messages include:
- Confirming an appointment, that you have requested
- Emergency site updates from your local centre
- Asking you to contact a named person or department
- Satisfaction surveys
Keeping you updated
There are certain communications we need to send to you so we can provide our services. We call these service communications e.g. notices about your direct debit payments, change of password, registration confirmations, appointment reminders and waiting list announcements. We would not be able to provide you with services if we did not send these.
We may from time to time contact you about our services or products we think you might find interesting by email, by post, telephone or SMS, but only if you have given us your permission to do so.
If you do not want us to contact you, other than for service announcements let us know when you next visit us or by contact us using the details below. You may also opt-out of email or any other communications by contacting us at firstname.lastname@example.org, or by letting us know in one of our centres.
Accuracy of data
We will always try to ensure the data we hold about you is accurate and relevant. If you believe the information we hold about you is out of date or incorrect, please tell a member of staff or contact us at email@example.com. We may not always be able to change or remove that information, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Seeing your data – Subject Access Request
The Data Protection Act 1998 and the General Data Protection Regulation give you the right to know what personal information we hold about you. This is called a Subject Access Request. Subject Access Requests from individuals should be made by email, addressed to the Data Controller at firstname.lastname@example.org. The Data Controller can supply a standard request form, although individuals do not have to use this and will aim to provide the relevant data within 28 days. The identity anyone making a Subject Access Request will be verified be it is completed
Please be aware that we can’t let you see any parts of a record which contain:
- Confidential information about other people; or
- May be held in preparation to defend legal claims
This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies).
Removing your data
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place
- Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we’re required to have it by law
- it is for historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims
Requests for information to be deleted should be directed to the Data Controller at email@example.com.
Transferring your data
In some circumstances you can ask us to transfer your information to another organisation.
Complaints about how we manage your data
If you are not happy about the way we manage your data please contact us as quickly as possible by contacting your centre or by emailing firstname.lastname@example.org. You may also write to the Data Controller – who will investigate your complaint and get back to you as soon as possible.
Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to uphold information rights. You have the right to contact them should you wish. Details can be found on their website: https://ico.org.uk/
Links to other websites
Our websites may contain links to and from external websites, advertisers and affiliates. If you follow a link to other sites please note that these will be governed by their own privacy policies. We cannot accept liability for data use on those websites.
In most instances it is best to contact us at the centre where you take part in our services. We can usually deal with most of your queries here.
Alternatively, you can write or email our Data Controller email@example.com