References to we, our or us in this privacy notice are to Everybody Health & Leisure (Oakwood Corporate Services, 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT; Company Number – 08685939; Registered Charity Number – 1156084).
Everybody Health & Leisure is registered as a Data Controller under the Data Protection Act. Certificate of registration number – CSN3857866.
Everybody Health & Leisure is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 1998 (these laws are referred to collectively in this Privacy and Cookies Policy as the “data protection laws”).
We have appointed a Data Protection Officer to oversee our compliance with data protection laws. They can be contacted by emailing firstname.lastname@example.org.
Our director with the overall responsibility for data protection compliance in our organisation is Kerry Shea. She can be contacted by emailing email@example.com.
Everybody Health & Leisure is a registered charity and a company limited by guarantee (Registered Charity No. 1156084; Company No. 08685939). Established in May 2014, Everybody Health & Leisure delivers leisure services and public health initiatives.
You have the following rights in relation to your personal information:
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by emailing firstname.lastname@example.org.
If you are unhappy with the way we are using your personal information, you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
Giving Consent to Everybody Health & Leisure will only be undertaken where the individuals have:
There is the need for Everybody Health & Leisure to collect and process personal data without consent in the fulfilment of its duties and obligations to you, where appropriate. (For example: Personal and banking information will be required to process direct debit payments for membership fee collections). Should Everybody Health & Leisure partner with a payments collection company to enable the collection of these payments this provider will, as a business necessity, have access to customers’ personal information.
Everybody Health & Leisure will hold a copy of your consenting action in relation to who consented, when and how you were told. This information will be kept by Everybody Health & Leisure as long as is deemed appropriate.
When you sign up for membership with us or to take part in one of our programmes, you may provide us with or we may obtain personal information about you, such as information regarding your:
Within certain programmes, often commissioned services, we may also collect, store and use the following ‘special categories’ of more sensitive personal information regarding you:
Children’s information is also classed as ‘special category’ data.
We routinely collect data on children in order to undertake the delivery of our services. This may include personal information including name, address, date of birth, school, etc. This information will only be used for the purpose for which it was collected, for example, swimming lessons.
Parental or Guardian consent is requested for all usage in, for example, junior fitness memberships, for children and adolescents up to the age of 18.
In support of the NHS Test and Trace Service your name, address and contact details will be shared upon request following making a booking at your leisure centres.
We use information we collect to provide you with services which you request and to improve our existing services.
When you contact us, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for a reasonable time for use in future contact with you, or for future improvements to our services.
In the event the information you provide to us is an application for employment, that application will be held in accordance with our Document Retention Policy.
We may also use or disclose your personal information when we believe, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of Everybody Health & Leisure, Everybody Health & Leisure users, or others. Everybody Health & Leisure reserves the right to transfer and disclose your information if Everybody Health & Leisure becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
Unless otherwise specified or prohibited, Everybody Health & Leisure may share information with affiliates, business partners, service providers, subsidiaries or contractors who are required to provide you with services which you have requested from us.
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
Full details of how we manage the retention of data is outlined in our Data Retention Policy.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address. Changes can me made when visiting one of our sites, at the reception desk, or by emailing email@example.com.
We like to tell you about other services we offer. When you are joining a programme or signing up for a membership we will ask if we can market to you. We will also ask how you would like to be contacted.
At the end of your membership your data will be retained in line with our Data Retention Policy.
Within all electronic communications, there will be the option to directly unsubscribe or you can email firstname.lastname@example.org.
At any time you are able to alter your preferences by emailing email@example.com.
Customer details collected as part of online campaigns are retained within either Everybody Health & Leisure third party email service provider; Campaign Monitor; when customer opt in to receive future communication, or membership team where prospects are required to fill out contact form which direct their details to freshdesk and will be kept on both accounts indefinitely unless customer choose to unsubscribe/opt out from the communication.
Campaign monitor collected customer/prospect’s details from XN database (with email marketing communication consent), event outreach, website sign up, and online lead generation campaign. Campaign monitor will delete Everybody Health & Leisure content and/or any archived data within 30 days after the date of cancellation of the agreement and only with the written confirmation from Everybody Health & Leisure.
Textanywhere; SMS messaging service collected customer data as part of membership agreement and will be used as a form of membership related contact. There is an option to opt out from the communication including in the text body. Textanywhere will remove Everybody Health & Leisure content and/or any archived data within 12 months after account cancellation.
Paper form details are collated on to a central data base and accessed via a secure login to restricted persons. Paper forms are destroyed as per section 5 below after being scanned and stored on the secure location for future proof.
All data base information gathered for marketing purposes is destroyed when information is no longer required or useful and is not retained for a period of more than 12 months
Everybody @ Home
Everybody @ Home is Everybody Health & Leisure on demand and live health and fitness classes channel which use Google Firebase to collect and store customer data in order to verify the membership status and login. We collect customer data when a user registers on the system – this consists solely of an email address and password. Google Firebase requires Personal details and Member number on registration to authenticate the account creation, but these details are not stored on the system. Customer data, including secure hashed passwords is store in Google Cloud in the ‘eu-west2’ data store distributed across multiple secure locations in Greater London. Access to the data is secured via an Everybody Sport and Recreation’s google account requiring 2-factor authentication to access. Everybody Sport and Recreation can export all user data on request and once the google account is closed the data will be available for 30 days.
The security of your personal information is important to us. We follow generally accepted best practice industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We use all reasonable measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Sites, we use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and Everybody Sport and Recreation encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
The Everybody Health & Leisure website (www.everybody.org.uk) is a key communication tool for us. We take interaction with our website and the safety of our users very seriously.
No website can be completely secure; if you have any concerns that your Everybody Health & Leisure account could have been compromised e.g. someone could have discovered your password, please get in touch straight away.
Cookies are a technology that can be used to help personalise your use of a website. A cookie is an element of information that a website can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. To enable Everybody Health & Leisure to assess the effectiveness and usefulness of this Site, and to give you the best user experience, we collect and store information on pages viewed by you, your domain names and similar information. Our Site makes use of anonymous cookies for the purposes of:
An Internet Protocol (“IP”) address is associated with your computer’s connection to the internet. Everybody Health & Leisure may use your IP address to help diagnose problems with Everybody Health & Leisure server, to administer the Site and to maintain contact with you as you navigate through the Site. Your computer’s IP address also may be used to provide you with information based upon your navigation through the Site.
Aggregate information is used to measure the visitors’ interest in, and use of, various areas of the Site and the various programs that Everybody Health & Leisure administers. Everybody Health & Leisure will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, Everybody Health & Leisure may undertake statistical and other summary analyses of the visitors’ behaviours and characteristics. Although Everybody Health & Leisure may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.
Within our facilities, we have developed partnerships with a number of companies that offer services to our users. To access these services, users may have to disclose personal data. All systems are totally optional.
All partners have been carefully selected and the way they use data has been scrutinised. All providers are compliant with the General Data Protection Regulation.
Within these examples you are providing your information to the companies named who are the data controllers.
We use a variety of online engagement tools and social media options to communicate and interact with customers, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, we use certain third-party platforms including, but not limited to, Facebook, Twitter and LinkedIn. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by Everybody Health & Leisure.
When interacting with the Everybody Health & Leisure presence on those websites, you may reveal certain personal information to Everybody Health & Leisure or to third parties. Other than when used by Everybody Health & Leisure employees for the purpose of responding to a specific message or request, Everybody Health & Leisure will not use, share, or retain your personal information.
We also collect personal information from our employees and from job applicants (human resource data) in connection with administration of our human resources programs and functions.
These programs and functions include, but are not limited to; job applications and hiring programs, compensation and benefit programs, performance, review and development processes, training, access to our facilities and computer networks, employee profiles, employee directories, human resource recordkeeping, and other employment related purposes.
It is the policy of Everybody Health & Leisure to keep all past and present employee information private from disclosure to third parties. There are certain business related exceptions and they are:
Prospective employers, government agencies, financial institutions, and residential property managers routinely contact Everybody Health & Leisure requesting information on a former or current employee’s work history and salary. All such requests of this type shall be referred to and completed on a confidential basis by the People Solutions team or payroll department. For written verification of employment requests, information will be provided on the form only when it is accompanied by an employee’s signed authorisation to release information. The form will be returned directly to the requesting party and filed as part of the payroll department’s confidential records.
Everybody Health & Leisure adheres to the European Union Data Protection (95/46/EC) and e-Privacy (2002/58/ED) Directives, the Data Protection Act 1998 and the General Data Protection Regulations.
We do, for legitimate business reasons, transfer minimal data outside the EU and all/any company in the US will be required to adhere to the GDPR principles and have signed up to the US Privacy Shield.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address.
If you have provided us with your personal information, you have the right to inspect the information stored by us for accuracy, or may request that the information be removed from our records. We will make all reasonable efforts to comply with such requests except where it would require a disproportionate effort (for example developing a new system or changing an existing practice).
We will require that you verify your identity before we act on a request to edit or remove your information.
Requests to update or any requests regarding your personal data held by Everybody Health & Leisure can be made by emailing firstname.lastname@example.org.