PRIVACY NOTICE FOR OUR MEMBERS and OTHERS
We are committed to respecting your privacy.
This notice is to explain how we may use personal information (data) we collect:
- before, during and after your membership and so applies to you if you have registered to become or are a member of AtLAS;
- for any other relationship with us, this typically applies where you are not a member of AtLAS but have registered with us for AtLAS offers or services.
This notice explains how we comply with the law on data protection and what your rights are.
For the purposes of data protection we will be the data controller of any of your personal information (data).
References to we, our or us in this privacy notice are to AtLAS, also known as Adastral Park Leisure and Sports. AtLAS is an unincorporated not-for-profit organisation governed by a constitution and managed by an elected Executive Committee. It exists to manage and promote sport and leisure activities for those employed or previously employed at Adastral Park, Martlesham Heath, Ipswich, Suffolk.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our elected Vice Chairman has overall responsibility for data protection compliance in our organisation. Contact details are set out in the “Contacting us” section at the end of this privacy notice.
PERSONAL INFORMATION (DATA) WE MAY COLLECT FROM YOU
Depending on the type of membership, offers or services you register for with us, you may provide us with or we may obtain personal information (data) about you, such as information regarding your:
- personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers;
- date of birth;
- membership start and end date;
- employer and/or employment status;
- records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
- any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;
- use of and movements through our website(s), including passwords, personal identification numbers, IP addresses, user names and other IT system identifying information;
- records of your attendance at any facilities managed by or events hosted by us;
- CCTV footage and other information obtained through electronic means such as swipecard and key fob records;
- images in video and/or photographic form and voice recordings;
- your marketing preferences so that we know whether and how we should contact you.
- identification documents such as passport and identity or security pass cards
WHERE WE COLLECT YOUR INFORMATION
We typically collect personal information (data) about our members when you apply to become an individual member of AtLAS. We also collect personal information (data) – whether or not you are an AtLAS member – when you register an account with us at our websites, currently atlasleisure.sportsoft.co.uk and atlasleisure.org.uk, when you purchase any services or products we offer, when you make a query and/or complaint or when you correspond with us by phone, e-mail or in some other way.
We also may collect personal information (data) about you from any third party references you provide as part of the application process for membership, for instance confirmation from your employer about your employment status.
If you are providing us with details of referees, they have a right to know and to be aware of how what personal information (data) we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice as required. They also have the same rights as set out in the “Your rights in relation to personal information (data)” section below.
THE USES WE MAKE OF YOUR INFORMATION
The table below describes the main purposes for which we process your personal information (data), the categories of your information involved and our lawful basis for doing this.
Where the word ‘needed’ is used in the Lawful Basis column, this means we are holding your data on a ‘legitimate interest’ basis. i.e. it’s needed to administer your membership. Where the words ‘explicit consent’ are used this covers using your data for marketing or promotional purposes, where we need your (optional) consent.
|PURPOSE||personal information (data) USED||Lawful basis|
|To administer any membership you have with us and managing our relationship with you, including dealing with payments and any support, service or product enquiries made by you||All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences.||Needed to enable us to properly manage and administer your membership contract with us.|
|To arrange and manage any contracts for the provision of any services or products||Contact details, transaction and payment information.
Records of your interactions with us.
|Needed to enable us to properly administer and perform any contract for the provision of any services and products you have purchased from us.|
|To send you information which is included within your membership benefits package, including details about advanced ticket information, competitions and events, partner offers and discounts||Contact and membership details.||Needed to enable us to properly manage and administer your membership contract with us.|
|To send you other marketing information we think you might find useful or which you have requested from us, including our newsletters, information about membership, events, products and information about our commercial partners||Contact details and marketing preferences.||Where you have given us your explicit consent to do so.|
|To answer your queries or complaints||Contact details and records of your interactions with us||Needed to provide complaint handling services to you in case there are any issues with your membership.|
|Retention of records||All the personal information (data) we collect.||Needed whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and run our club and in some cases we may have legal or regulatory obligations to retain records.|
|The security of our IT systems||Your usage of our IT systems and online portals/websites.||Needed to ensure that our IT systems are secure.|
|For the purposes of promoting AtLAS, our events and membership packages.||Images in video and/or photographic form.||Where you have given us your explicit consent to do so.|
|To comply with health and safety requirements||Records of attendance, CCTV footage and other information obtained through electronic means such as swipecard and key fob records.||Needed as we have a legal obligation to provide you and other members of our organisation with a safe environment in which to participate in sport and leisure activities.|
|To administer your attendance at any courses or programmes you sign up to||All contact and membership details, transaction and payment data.||Needed to enable us to register you on to and properly manage and administer your attendance on the course and/or programme.|
For some of your personal information (data) you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information (data). If you do not provide us with the requested personal information (data) we may not be able to admit you as a member or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your membership. For other personal information (data) you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.
Where you have given us your consent to use your personal information (data) in a particular way, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information (data) to the extent that we are entitled to do so on legal bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain member benefits to you.
MARKETING AND PROMOTION
Email, post and SMS text or other messaging marketing and promotion: from time to time, we may contact you by email, post or text or other messaging with information about products and services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set. You can then let us know at any time that you do not wish to receive marketing messages by contacting us using the details in the “Contacting us” section below. You can also unsubscribe from our marketing by clicking on the Unsubscribe link in the marketing messages we send to you.
DISCLOSURE OF YOUR PERSONAL INFORMATION (DATA)
We may share personal information (data) with the following parties:
- Any party (explicitly) approved by you;
- Other service providers: contractors, suppliers and IT services providers (including CRM, website, video and teleconference services);
- Our sub-contractors;
- The Government or regulators: where we are required to do so by law or to assist with their investigations or initiatives.
- Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
Our policy is that we will not share your personal data with third-party businesses or organisations for marketing.
TRANSFERRING YOUR PERSONAL INFORMATION (DATA) INTERNATIONALLY
The personal information (data) we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information (data) and, in certain instances, the laws in those countries may be less protective than in the UK jurisdiction. We will take all reasonable steps to ensure that your personal information (data) is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third part processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details in the “Contacting us” section below.
HOW LONG DO WE KEEP PERSONAL INFORMATION (DATA) FOR?
The duration for which we retain your personal information (data) will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information (data) may be retained on a long-term basis: for example, personal information (data) that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no other legal requirement we retain all physical and electronic records for a period of six years after your last contact with us or the end of your membership. Exceptions to this rule are:
- CCTV records which are held for no more than 30 days unless we need to preserve the records for the purpose of prevention and detection of crime;
- We will hold for 2 years following application or termination, paper forms submitted with personal data relating to:
– unsuccessful or uncompleted membership applications;
– people who have terminated their AtLAS membership;
Note: Where we have transferred personal data from a paper form to an electronic record, we will keep the electronic record for the normal period (6 years).
- Information that may be relevant to personal injury or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after the event.
It is important to ensure that the personal information (data) we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address. You may be able to update some of the personal information (data) we hold about you via our website(s). Alternatively, you can contact us by using the details in the “Contacting us” section below.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION (DATA)
You have the following rights in relation to your personal information (data):
- the right to be informed about how your personal information (data) is being used;
- the right to access the personal information (data) we hold about you;
- the right to request the correction of inaccurate personal information (data) we hold about you;
- the right to request the erasure of your personal information (data) in certain limited circumstances;
- the right to restrict processing of your personal information (data) where certain requirements are met;
- the right to object to the processing of your personal information (data);
- the right to request that we transfer elements of your data either to you or another service provider; and
- the right to object to certain automated decision-making processes using your personal information (data).
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information (data) recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for marketing and promotion are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information (data), this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details in the “Contacting us” section below.
If you are unhappy with the way we are using your personal information (data) you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information (data).
In the event of any query or complaint in connection with the information we hold about you, please contact us via our website Contact Us page (select FAO ‘Data Protection’) or write to us c/o Bodytalk Gym, Adastral Park, Martlesham Heath, Ipswich, IP5 3RE.
Dated: March 2020