For the purposes of the UK General Data Protection Regulation (“the Regulation”) and the Data Protection Act 2018, the controller is The Gym Limited of 5th Floor, One Croydon, 12 - 16 Addiscombe Road, Croydon, CR0 0XT. The term ‘The Gym Limited’ or ‘us’ or ‘we’ refers to the operator of The Gym Group gyms and the owner of the Website whose registered office is 5th Floor, One Croydon, 12 - 16 Addiscombe Road, Croydon, CR0 0XT. Our company registration number is 05659669 (United Kingdom). The term ‘you’ refers to the user of one of the gyms that we operate or any other visitor to this Website, as the context dictates.
The Regulation gives you certain rights which are detailed in the section headed "Your Rights regarding personal information". The contents of this Privacy Notice are subject to these overriding rights and no provision in any other part of this Privacy Notice is to be construed as restricting the scope of those rights.
What information do we collect?
If you are a visitor to our Website, even an anonymous visitor, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information internally and externally. This statistical data about browsing actions and patterns does not identify any individual. Nevertheless, to the extent that such information falls to be treated as personal data, and you do not wish us to process it, you should change the settings on your internet browser to prevent collection of this information.
When you sign-up to become a member of The Gym we will know who you are, and the activities you perform on this Website or undertake at the gyms that we operate.
We may collect and process the following data about you:
• Any information that you provide us, including by filling in forms on this Website including but not limited to your name, address, email address and telephone/mobile number, for the purposes of informing you about the services that we offer, of entering into a contract with you and thereafter of delivering the services which we have agreed to provide under that contract.
• Any financial information provided to the Website as may be required for direct debits, and/or credit and debit card payments, or other types of electronic payment. Details of any transactions you carry out through the Website will be recorded.
• Further general information about you, including your personal or professional interests, experiences with our products and services or other products and services and your contact preferences to ensure that you receive services in the manner which is most convenient to you, to deliver a satisfactory service under the terms of our contract with you and to improve the services that we offer for the benefit of you and of other existing and future members.
• The Gym Limited may from time to time ask you to complete surveys via this Website or the website of one of our selected suppliers, and any information you provide in same will be recorded, though you are not obligated to take part. If you are going to submit personal data, your consent will be specifically obtained to the processing of that data at the time.
• Details of your visits to the Website, including, but not limited to, traffic data, location data, weblogs and other communication data. This will assist us in managing the website and generating generalised and anonymised information about usage and about our membership.
• The Gym Limited may request the last 4 digits of your PIN if you contact us, for our trusted staff to verify your identity and to ensure that we keep your personal data secure.
We may also retain copies of any correspondence you send to us and details of your membership history, for as long as it is appropriate to do so, and (as with all the personal data we process) subject to appropriate technological and organisational safeguards to protect its integrity.
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical information about the browsing actions of users of the Website and does not identify any individual. As indicated above, you may be able to change settings on your internet browser to prevent collection of this information, to the extent that it may in future be considered by law to be personal data.
What do we do with the information we collect?
We use collected information for the purposes of our legitimate interests, including:
• for internal record keeping;
• to manage your membership;
• for product development;
• to provide you with information on our products and services which we feel may interest you;
• to notify you about changes to our products and services;
• to answer your queries;
• to investigate any complaints made, either by you or another person;
• to contact you for market research and analyse the output of such research; and/or
• to make disclosures to law enforcement authorities or other statutory regulators;
• to allow us to establish, exercise or defend our legal rights, and/or
• to allow us to comply (and evidence our compliance) with any legal and regulatory obligations imposed on us.
We may collect and use special category personal data, and in particular, information about your health, with your consent or where you have provided it to us, to allow us to tailor our services to meet your needs and to ensure your health and safety.
We may also process information relating to actual or alleged criminal offences where it is necessary for the safety of staff or members, and only where such use is permitted by the law.
The Gym Group does not use your personal information in any automated decision-making process.
The Gym Group may contact you in relation to the nature of your attempted transaction, even if you don't confirm the transaction. This will be an operational email to enquire as to why the transaction was not completed. The data will not be used for any other purpose and certainly not shared with any other company other than the company that initiates the operational email (if this is not The Gym Limited). Our aim is simply to provide you with the highest level of service that we can.
Your personal data may be transferred abroad for any of the purposes explained in this policy and such transfer may be to a country outside of the EEA. If we transfer your personal data outside the EEA, it will only be to recipients who offer an adequate level of protection and who have appropriate safeguards in place to protect your personal data. It may also be processed by personnel operating outside the EEA who work for us or for one of our service providers. Again, this will only be where there is an adequate level of protection and who have appropriate safeguards in place to protect your personal data. Countries where personal information relating to you may be stored and/or processed, or where recipients of personal information relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal information, you accept that personal information relating to you may be transferred, stored or processed in this way.
The period of use of the personal data supplied by you will not be longer than we deem necessary to carry out the purpose for which such data was collected, provided that we may store and process your personal data for longer periods solely for archiving or statistical purposes where we have appropriate safeguards in place to protect your rights.
Who do we share this information with?
We may share your personal information with certain companies performing services on behalf of The Gym Limited (such as direct marketing agents) who will only use the information to provide a service that The Gym Limited has asked them to provide.
Those selected companies will perform a function for us, such as agencies and suppliers whom have been instructed to assist us to more effectively deliver services, manage and conduct promotions and offers, provide technical assistance and support and perform other functions to support marketing activities. A list of approved companies that process data on our behalf is available on request.
All selected companies may have access to personal information if needed to perform such functions but will only be permitted by us to use personal information for the purpose of performing that function and not for any other purpose.
Where you have given specific consent, your information may be shared with independent self-employed trainers for them to contact you to inform you of personal training services which they would like to offer you.
We may disclose your information to our subsidiaries or ultimate holding company and its subsidiaries, as defined in Section 1159 of the Companies Act 2006.
In the event we seek to sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer, subject to satisfactory assurances that the data will be processed securely by them.
Save for this, we do not sell, transfer or disclose personal information we have collected from you in connection with our website activities to third parties outside The Gym Limited.
How to get copies of or amend the information we have collected
You may request details of personal information which we hold about you under the Regulation. If you would like a copy of the information held on you, please contact us by email to email@example.com or in writing to The Data Protection Officer, The Gym Group, 5th Floor, One Croydon, 12 - 16 Addiscombe Road, Croydon, CR0 0XT.
If you think any information we have about you is incorrect or incomplete, please e-mail or write to us and we will correct or update any information as soon as possible. You can also update member information via the online Member Area at https://www.thegymgroup.com/member-area/.
Where we have given you a password to access certain areas of the Website you are responsible for keeping this confidential and we ask that you do not share this password.
Our Website may, from time to time, contain links to other websites which are not within our control. Once you have left our Website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.
System cookies are created each time you visit us and are automatically deleted when you close your browser. They remember the fact you're logged in and remember the selections that you make as you use the Website and Mobile Application. To find out more about cookies generally, including how to manage and delete them, visit www.allaboutcookies.org.
Identification cookies help us remember who you are when you come back to visit us and allow us to personalise timely and relative content to improve your journey and member experience.
Tracking cookies track any information or warning messages we've shown you, so that we don't show them again. If you express preferences about whether or not to receive certain types of cookie, we'll also use a cookie to store this preference.
Web analytics / Marketing effectiveness cookies collect anonymous data to help us understand customer behaviour, so we can make thegymgroup.com better. They tell us which bits of the Website and Mobile Application customers use the most and flag up any problems, so we can fix them quickly. They also tell us how customers find the Website and Mobile Application (for example via online adverts and search engines), so we know how effectively we are marketing.
Cookies for personalising your experience
Cookies for optimising the content shown on our website
We may wish to test a change or new feature on the site to see if it is effective before rolling it out to all our users. Cookies allow a random sample of site visitors to see it one way, and a different group another and ensure that you consistently get the same experience on repeat visits.
If you would prefer us not to set cookies on our Website, you can disable them by changing your internet browser settings. How to do this will depend on the browser you are using, but the following is a step-by-step guide to the most popular browsers:
Microsoft Internet Explorer:
• Click on the "Tools" menu
• Select "Internet Options"
• Click on the "Privacy" tab
• Select the desired setting
• Click on the Customisation menu at the top right of the page
• Select "Settings"
• Select "Show Advanced Settings" and then "Content Settings"
• Select the desired settings under the "Cookies" heading.
• Click on the "Tools" menu
• Click on "Options"
• Select "Privacy"
Choose the desired options under the "Cookie" menu.
For all other browsers, please follow the instructions provided by the relevant browser, usually located within the "Help", "Tools" or "Edit" facility.
If you only disable third party cookies, you will still be able to use this Website, but some of its content will not be as relevant to you. If you disable all cookies, this will result in our Website not working properly.
If you do choose to disable cookies, this choice will only apply to the device you are using at the time. If you want to stop cookies being set on other devices, you will need to follow the relevant steps on each device. Please note that disabling cookies does not delete cookies from your browser, you will need to do this from within your browser.
Some sections of our Website (for example the online shop) are provided by third parties.
Online Behavioural Advertising
We and those third parties may use this data to:
• help make the advertising you see on our Website and Mobile Application and elsewhere on the internet more relevant to you;
• tailor content on the Website and Mobile Application; and
• measure the effectiveness of advertising on the Website and Mobile Application and elsewhere on the internet.
How to opt out of third party online behavioural advertising
Cookies we use
Double Click floodlight
Double click bid manager
Facebook Custom Audience
Google Dynamic retargeting
Google Tag Manager
Online advertising privacy:
The Gym Group uses the Flashtalking platform for ad delivery and campaign analysis, applying both cookie-based and cookie-less technologies to identify devices. Learn more about Flashtalking's use of data and your choices in their Consumer Privacy statement.
This section sets out the appropriate actions and procedures which The Gym Limited follows in respect of the use of CCTV (closed circuit television) surveillance systems (“CCTV Systems”) at Our premises.
Sound recording is disabled on all cameras.
Please note that all Our gyms are monitored by CCTV 24 hours a day. The Gym Limited reserves the right for its employees and contractors to review footage as required and by entering onto our sites you consent to your image being recorded and reviewed and waive any and all claims in relation to same. Recorded CCTV footage will be stored securely and retained in compliance with applicable laws. The Gym Limited is registered as a Data Controller with the ICO, Registration Number: Z2810154.
In drawing up this policy, due account has been taken of the following:
1. The Regulation and any other relevant Data Protection legislation;
2. The CCTV Code of Practice produced by the Information Commissioner (“Code of Practice”); and
3. The Human Rights Act 1998.
This policy will cover all employees and persons providing a service to The Gym Limited, visitors and all other persons whose image(s) may be captured by our CCTV Systems.
We will also ensure that the personal data captured by our CCTV Systems is only processed in accordance with the following requirements:
• It will be processed fairly, lawfully and in a transparent manner;
• It will only be collected for specified, explicit and legitimate purposes and not further processed in any manner incompatible with those purposes;
• It will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• It will be accurate and, where necessary, kept up to date;
• It will not be kept for longer than is necessary for the purposes for which the personal data are processed; and
• It will be processed in a manner that ensures appropriate security of the personal data.
Initial Assessment Procedures
The Gym Limited’s CCTV Officer has the legal responsibility for the day-to-day compliance with the requirements of this policy.
The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for the prevention or detection of crime or disorder, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), interest of public and employee Health and Safety, protection of public health and the protection of our property and assets and to ensure compliance with our policies and procedures.
Prior to any camera installation the CCTV Officer will ensure that the installation complies with this policy and that the use of any camera is justified, necessary and proportionate. The CCTV Officer will regularly assess whether the use of any camera and the CCTV System as a whole continues to be justified, necessary and proportionate.
Siting the Cameras
The location of the equipment is carefully considered because the way in which images are captured needs to comply with the Regulation.
All cameras are located in prominent positions within public and staff view and do not infringe on sensitive areas. All CCTV surveillance is automatically recorded, and any breach of this siting policy will be detected via controlled access to the CCTV System and auditing of the CCTV System.
Quality of the Images
The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored, and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained under contract.
Processing the images
Images which are not required for the purpose(s) for which the equipment is being used will not be retained for longer than is necessary. While images are retained, it is essential that their integrity be maintained, whether it is to ensure their evidential value or to protect the rights of people whose images may have been recorded. Access to and security of the images is controlled in accordance with the requirements of the Regulation.
All images are digitally recorded and stored securely within the system’s hard drives. Images are stored for a minimum of 14 days and typical for no more than 31 days.
Where the images are required for any other purpose, for example system testing, evidential purposes or disciplinary proceedings, a copy file will be moved to an access controlled confidential location on the network and held until completion of the investigation. Viewing of images within the system is controlled by the CCTV Officer or a person nominated to act on their behalf. Only persons trained in the use of the equipment and authorised by the CCTV Officer can access data.
Access to and disclosure of images to third parties
Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved, and the continuity of evidence remains intact should the images be required for evidential purposes e.g. a police enquiry or an investigation being undertaken as part of an internal procedure.
Access to the medium on which the images are displayed and recorded is restricted to the CCTV Officer, staff authorised by them and third parties as authorised from time to time for specific purposes. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected.
Access to images by individuals
The Regulation gives any individual the right to request access to CCTV images which contain their personal data.
A written response will be made to the individual, giving the decision (and if the request has been refused, giving reasons) within 31 days of receipt of the request.
Your rights regarding personal information
The Regulation provides certain overriding rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information (including in relation to direct marketing), to stop unauthorised transfers of your personal information to a third party and, in some circumstances to obtain your personal information in a structured, commonly used and machine-readable format or to have it transferred directly to another organisation. You may also have the right to lodge a complaint in relation to our processing of your personal information with a local supervisory authority (for residents of the United Kingdom: the Information Commissioner’s Office; further information can be found at https://ico.org.uk/).
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see the section " What do we do with the information we collect?") or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law on the basis of legitimate interest, in particular in connection with exercising and defending our legal rights, making disclosures to law enforcement authorities or meeting our legal and regulatory obligations.
If you have a concern about the way we are collecting or using personal information relating to you, we request that you raise your concern with us in the first instance: The Data Protection Officer, The Gym Group, 5th Floor, One Croydon, 12 - 16 Addiscombe Road, Croydon, CR0 0XT, or by email at firstname.lastname@example.org. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
How to contact us
Last updated 16/04/2021