Total Fitness Health Clubs Limited
Total Fitness Health Clubs Limited ("we", “us” and “our”) is registered with the Information Commissioner’s Office (ICO) as a data controller for the purposes of the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) under registration number Z3029300 at Wilmslow Way, Handforth, Cheshire, SK9 3PE.
Protecting your personal data
We are committed to safeguarding your personal information and we comply with all data protection laws including:
- The Data Protection Act 2018;
- The General Data Protection Regulation (GDPR); and
- Any regulations made under or to supplement either of the above, relating to the personal information that we collect about you.
- What personal data we collect about you;
- Why we collect that personal data;
- Who we share your personal data with;
- Why we might contact you and how you can change that;
- How long we retain your personal data;
- How we keep your personal data secure; and
- What rights you have in relation to your personal data.
Personal data collected by Total Fitness Health Clubs Limited
We hold the following personal information:
- Personal data you have provided to us when you enquire or become a Member of us or apply for a job with us including name, address, contact details (including email address and phone number);
- The name and contact details (including phone number) of your next of kin;
- Details of referrals, quotes and other contact and correspondence we may have had with you;
- Information obtained from customer surveys, promotions and competitions that you have entered or taken part in;
- Recordings of calls we receive or make;
- Notes and reports about your health and any treatment and care you have received and/or need, including about skin clinic visits and creams or treatments administered;
- Patient feedback and treatment outcome information you provide;
- Entered competitions and promotions that we have ran;
- Information about complaints and incidents;
- Information you give us when you make a payment to us, such as financial or credit card information;
- Other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you;
- Completed our forms, or otherwise provided information to us, when accessing and/or using the products and services we make available, whether in our health clubs or otherwise; some of that information may be considered sensitive personal data for the purposes of the Act, and we will ask you for your specific written consent for us to use that information before you give that information to us, and we will tell you how we intend to use that information when we ask you for your consent.
Where you use any of our websites, we may automatically collect personal data about you including:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
- Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
Where you have used one of our Total Fitness Skin Clinics the data we hold will include special category personal data.
Personal data we collect about you
We store personal data we collect about you while using our services and facilities within our Health Clubs. These include:
- Fitness class booking history
- Financial transaction information
- CCTV video and images
- Visit one of our websites
- Enquire about any of our services or treatments
- Register to be a customer or patient with us or book to receive any of our services or treatments
- Fill in a form or survey for us
- Carry out a transaction on our website
- Participate in a competition or promotion or other marketing activity
- Make online payments
- Contact us, for example by email, telephone or social media
- Participate in interactive features on any of our websites.
In the interests of training and continually improving our services, calls to us and our agents may be monitored or recorded.
- Personal data relating to children
We hold data relating to members aged under 16 years old in order to provide junior gym memberships or deliver fitness services specifically for children. We collect and process this data with the consent of a parent or holder of parental responsibility.
- Information we receive from other sources.
If you are an employee of one of our corporate clients who has taken up one of our services, we may be passed your name, contact number and email address, in order to get in touch with you to arrange an appointment or collect further information from you.
Reasons for collecting that personal data
We collect and store your personal data in order to provide you with membership-related services, such as access to our facilities. The legal basis for processing any personal information as part of this request is processed on the basis of performance of a contract or to take necessary steps to enter into a contract. Examples includes:
- Registering you for membership of our health clubs;
- Managing your membership account and the products and/or services available to you through it;
- Collecting and managing your payment for membership and, if you do not pay, for taking such steps as are necessary to arrange for you to make that payment; and
- To notify you about changes to our products or services; and
We also have legitimate interests for processing your personal data which include:
- CCTV use within Health Clubs; and
- To contact members to provide them with information about offers, products and services through email, SMS and post.
Who we share your personal data with
In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you,
- Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
- Third party debt collectors for the purposes of debt collection,
- Delivery companies for the purposes of transportation,
- Third party service providers for the purposes of storage of information and confidential destruction; and
- Third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.
Receiving communications from Total Fitness Health Clubs Limited and updating your preferences
If you are an existing customer and have not opted out of receiving marketing communication from us at the time you provided your personal details, we will contact you by email and SMS to inform you of our products and services we think may be of interest to you. You are able to update your marketing contact preferences at any time via our Members Area.
For new customers, we may contact you to promote our products and services if you have provided your explicit consent for us to do so. You can change your marketing contact preferences at any time via our Members Area.
Right to object
You have the right to object to the processing of their personal data in certain circumstances.
There is an absolute right to stop your personal data being used for direct marketing. If you wish to amend your marketing preferences or prevent your personal data being used for marketing purposes please either send your objection to email@example.com.
Retention of personal data
We do not retain personal data for as long as necessary and we will retain personal data provided to us in line with our retention schedule. Once the period has elapsed, we will securely destroy your personal data in accordance with our data handling policies.
Security of personal data
We take the confidentiality, integrity and availability of your personal data seriously and have implemented technical and organisational measures to ensure that your information is kept secure. We conduct assessments to ensure the ongoing security of our information systems.
All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
Personal data and your rights
Right of access
You have the right to obtain a copy of your personal data held by us as well as other supplementary information. If you would like to request a copy of your personal data, the best way to make a request is by completing our right of access form and send to firstname.lastname@example.org. We will respond to your request without undue delay and at the latest within one month of receipt of the request.
We may also ask you to provide ID in order for us to confirm your identity. We may ask for one of the following to verify your identity:
- Driving licence;
- Birth or marriage certificate; or
- Utility bill (from the past 3 months).
We will only request identification where appropriate. If so, we will contact you as soon as practicable to inform you further information is required to respond to your request.
Right of rectification
You have the right to have inaccurate personal data rectified. If you believe we are processing inaccurate or incomplete personal data about you, please submit your request to rectification at email@example.com.
Right for erasure
It is your right to request the deletion of your data from our records, except (as explained above) if it is necessary for us to perform our legal obligations or contractual obligations to you or another third party. If you would like to submit a request for erasure of data, please send your request to firstname.lastname@example.org.
In addition, you also have the right to:
- In some circumstances, receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have this transmitted to another data controller (Data Portability);
- Withdraw consent where this is the legal basis for us processing your information; and
- Object to processing where we are relying on legitimate interests as the legal ground for processing.
If you have any data protection concerns or wish to exercise your rights under the GDPR, please contact:
Data Protection Compliance Manager
Total Fitness Health Clubs Limited
Complain to the ICO
If you have concerns about the way we have handled your personal data please contact us in the first instance. If you remain unsatisfied you can contact the ICO on 0303 123 1113, by emailing email@example.com or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.