My Gravity Fitness & Dance is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation (GDPR) and The Privacy and Electronic Communications (EC Directive) Regulations 2003. By using our websites, and Fitness Studio, you are consenting to us processing your information in the ways stated here.
What information do we collect and why?
The basis on which we collect and process your data is usually through contractual reasons and consent. Occasionally there may be a legal reason for collecting data, such as for example when there is an accident where we may need to provide details of this to the relevant health and safety authorities. We may also process your data based on our legitimate business interests for example in order to operate and improve our business.
The information we collect may include any of the following:
Any personal details you give us or we obtain from third parties.
Information you type into our websites or provide to one of our colleagues such as when you become a member, create your profile, update your member profile, provide activity data from other devices, make a booking, sign up as a volunteer, visit one of our centres or visit any of our health services. This information may include your personal contact data, fitness-related data which has been obtained in order to create personalised fitness workouts for you or health related data. We use this to provide you with the services you request, tell you about services you are eligible for, to keep in contact with you, manage your account and the services we provide. If you contact us by email, via the website, in person or by telephone we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry.
Details of your transactions
We collect data for any transactions you carry out through our websites and services, so that we can administer the services you have with us. Please note that we never store your payment details on our website.
Sensitive Health Data
We collect any personal health data you provide to us when registering and signing up for our health services. We collect this information to ensure we are offering you the right services and so your progress can be tracked by yourself and us. We may ask you for information about your health in order to recommend appropriate exercise regimes or offer our other services.
We will store your bank account number and sort code data where you have a Direct Debit mandate in place. When the Direct Debit mandate finishes we will remove this data from our operational systems within 30 working days.
We process bank card information at the time we take payment. This data is not stored on our systems and is processed on Payment Card Industry Data Security Standard compliant banking systems.
Information about website visits including IP address.
The IP address is your computer’s individual identification number.
We will record customer comments and surveys about how we are performing
Your communications preferences.
We keep a record of any permissions and preferences you give us about what types of communication you are happy to receive from us.
Data relating to children
Children aged under 16 years must have a parent or guardian’s consent before providing personal information to us. We do not wish to collect any personal information without this consent.
How do we store and protect your personal information?
These are the basic guidelines we use to look after your personal data.
We maintain secure systems to protect your personal information
We respect your wishes about how we contact you, whether by post, telephone, email or text message
We will update your information or preferences promptly when you ask us to
We will respond fully to requests from you to see the information that we hold on you.
We will not hold your personal information for longer than is necessary for our legitimate business purposes.
We follow strict procedures when storing or handling information that you have given us. Some information is encrypted, such as payment transactions and password.
We will never sell your personal information to a third party.
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes we will delete this information if you request. See the contacts section to request your data to be deleted.
Services provided by contracted third parties
My Gravity Fitness & Dance may share information with third party organisations that provide specific services on our behalf which enhance our products and your experience with us. These organisations act as a Data Processor under our instructions. They may process data securely outside of the EEA. There is a contract in place with each third party which includes strict terms and conditions to protect your privacy.