FULL PRIVACY NOTICE
This Privacy Notice sets out what personal information is processed by Abbeycroft Leisure and for which purposes. It also explains the rights you have and how to exercise these.
Abbeycroft Leisure collects and processes personal information which is considered to be ‘personal data’ under the GDPR. The GDPR (and applicable privacy legislation) sets out how we can use your personal data to manage the customer relationship. Abbeycroft Leisure is committed to being transparent about how it collects and uses that information and to meeting its information protection obligations.
Data controller (responsible for determining what and how personal information is processed):
Abbeycroft Leisure, Ehringshausen Way, Haverhill, Suffolk, CB9 0ER
Data protection officer:
Emma Haley, email@example.com
What information does Abbeycroft Leisure collect?
Abbeycroft Leisure collects and processes a range of information about you. This can include:
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- the terms and conditions of your membership / use;
- health information (with your explicit consent);
- details of your credit/debit card for payment purposes (where necessary);
- information about dependants and emergency contacts, where a legitimate interest exists;
- information about your usage of the facilities;
- evidence of concessionary status (where applicable);
- payment status;
- cookies are collected when you use our website;
- evidence of qualifications (class instructors);
- photos (with your explicit consent).
Abbeycroft Leisure is not responsible for the content or data collection of third party websites, where links exist on the website www.the-self-centre.co.uk.
How personal information is collected:
Abbeycroft Leisure collects this information in a variety of ways. For example, information is collected through membership applications, registration forms, from correspondence with you, through our website; or through other assessments.
Information is stored in a range of different places, including in your membership file, in the membership management system (Mindbody Online), in our newsletter services (Constant Contact), and in Abbeycroft Leisure's IT systems (including the email system).
Why does Abbeycroft Leisure process personal information:
Abbeycroft Leisure processes information based on the following reasons:
As part of a contract:
- to offer access to the services we provide and
- to meet its obligations under your membership contract (where applicable)
- to ensure we comply with any health and safety laws
- to process payments
Based on consent:
- for marketing purposes,
- for collection of health data
Because we have a legitimate interest:
- to contact you regarding your service access and appointments
- to monitor and evaluate services offered to develop the offering
- when you make an enquiry to us
- to protect against fraud
In certain circumstances, we may have to process customer information to respond to and defend against legal claims.
Where Abbeycroft Leisure relies on legitimate interests as a reason for processing information, it has considered whether or not those interests are overridden by the rights and freedoms of customers and has concluded that they are not.
Some special categories of personal information, such as information about health or medical conditions, is processed to carry out health and safety law obligations and is only collected with explicit consent.
Where Abbeycroft Leisure processes other special categories of personal information, such as information about ethnic origin this is done for the purposes of equal opportunities monitoring and is voluntarily given.
Who has access to information:
Your information will be shared internally, including with the management team, instructors and reception staff if access to the information is necessary for performance of their roles.
Abbeycroft Leisure shares your information with third parties in order to process payments, keep you updated with our services and news, administer memberships and bookings, and process accidents.
Third Parties within the EEA that can be used to process your information include:
West Suffolk IT Services manage the whole IT system including emails; 3IT to raise invoices and pay suppliers; Sicon to raise purchase orders; Payaway to pay suppliers; Bankline to make one off payments and process customer refunds; Netbanx to process payments.
Abbeycroft Leisure uses two third parties that are outside the European Economic Area (EEA) which are USA based and they are: Constant Contact to send newsletters and email communications; Mindbody Online to process memberships. Both third parties hold the Privacy Shield Framework accreditation which enables us to access their services under EEA data protection regulations and ensure the security of your information.
How does Abbeycroft Leisure protect information:
Abbeycroft Leisure takes the security of your information seriously. Abbeycroft Leisure has internal policies and controls in place to try to ensure that your information is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. The following sets out measures taken to protect your information:
- An annual training programme exists for staff to develop their awareness.
- Restricted access to systems and information relevant to the job role are in place to ensure only the necessary people have access to relevant information
- A comprehensive set of policies exist which form part of our staff employment contract.
Where Abbeycroft Leisure engages third parties to process personal information on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of information.
For how long does Abbeycroft Leisure keep information:
Abbeycroft Leisure will hold your personal information for the duration of your membership or use of the facilities (if not a member). It will hold your personal information for the minimum amount of time necessary after the end of membership or usage and this will be held for no longer than 3 years.
As an information subject, you have a number of rights. You can:
- withdraw consent, where this is the basis for processing;
- access and obtain a copy of your information on request;
- require Abbeycroft Leisure to change incorrect or incomplete information;
- require Abbeycroft Leisure to delete or stop processing your information, for example where the information is no longer necessary for the purposes of processing;
- object to the processing of your information where Abbeycroft Leisure is relying on its legitimate interests as the legal ground for processing;
- ask Abbeycroft Leisure to stop processing information for a period if information is inaccurate or there is a dispute about whether or not your interests override Abbeycroft Leisure's legitimate grounds for processing information; and
- request to move your information to a different service provider.
You can exercise any of these rights by completing an online application form here www.the-self-centre.co.uk/index.php/privacy-policy or in writing to the Data Protection Officer, firstname.lastname@example.org.
If you believe that Abbeycroft Leisure has not complied with your information protection rights, you can complain to the Information Commissioner. The helpline is 0303 123 1113.
What if you do not provide personal information?
If you do not provide Abbeycroft Leisure with information requested there is a possibility you may not be able to access the services you would like to access.
Abbeycroft Leisure does not currently make decisions based solely on automated decision-making.