In this privacy policy, "CORE" means Core - Personal Training & Group Fitness who's registered office is at 1B Unit 4, St Marys Industrial Estate, Dumfries, DG1 1LJ. Core believe in transparency, and are committed to being up front about privacy practices, including how your personal information is treated. Core have undertaken an extensive exercise to ensure ongoing compliance with the European Union General Data Protection Regulation (EU GDPR).
Core have ensured all current businesses processes and procedures are in line with the GDPR rights and principles and any new processes involving personal information that are implemented will be thoroughly reviewed through a data protection impact. All company data protection procedures and policies are reviewed on an annual basis to ensure compliance.
This privacy policy sets out the data processing practices carried out through the use of the internet and any other electronic communication networks by Core, as well as describing the types of personal information that Core may collect about you and the purpose for which this information is used.
1. Accepting the privacy policy
2. Information collected or received
3. How and why Core use your personal information
4. Communication from Core
5. Sharing your information
6. Keeping your information secure
7. Core retention policies
8. Staying in control - your rights
9. Privacy policy changes
10. Contact
1. Accepting the privacy policy
Core need to process your personal information the run their business and provide you with their services. Upon visiting Core, contacting Core, or visiting Core you are accepting and consenting to the practices described in this privacy policy.
2. Information collected or received
Core collect personal information from members, staff and sub contractors to run their business and provide you with their services. This personal information may include the following: Name, date of birth, email address, contact number, company name, bank details and credit card details.
Core also collect the following information:
Sensitive information:
The term "sensitive information" in this context refers to information related to your racial or ethnic origin, religion or other beliefs and health. Whilst Core do not generally collect sensitive information unless it is volunteered by you, Core do have a legal requirement to collect health data for the purpose of recording your self assessment declaring readiness for physical exercise.
Photographs and Identification:
In the interest of security and prevention of crime, Core may take digital photo of each member of guest. Each member or guest may also be required to provide a form of identification for verification and security purposes.
Audio-Video:
Core use CCTV for health and security reasons. If you have any queries in relation to the use of CCTV operating in and around the building please contact management.core@outlook.com. Core have a business legitimate interest to monitor service standards within the building. This footage is only used for the purpose of internal monitoring and training of Core staff.
Digital:
When visiting Core social media sites your personal information may be collected, stored and used such as traffic data, location data, web logs, communication data and resources that you access, as well as other personal information detailed above. If you connect to Core or register for a tour of Core using an external a third party application such as Facebook or Instagram, these websites have their own privacy statement which Core suggest that you read before giving them your personal information. Connecting to Core via a third party application or service is optional and at your own discretion.
Core will only collect the relevant information required for the purposes of processing and will not use this information for any other purpose without obtaining consent.
3. How and why Core use your personal information
The information in the above, section 2, may be used for the following purposes:
- To carry out Core's obligations arising from any contractual agreement.
- To contact you about non contract aspects of your membership, such as a change in usage patterns.
- To provide you with information on products or services you request.
- To process payments and maintain accounts and records.
- To prevent crime, fraud and aid in the prosecution of offenders.
- To maintain membership records.
- To improve the Core platform.
- To conduct surveys and request feedback.
- To notify you about urgent communications such as a sudden closure of the business.
- To notify you of any changes to Core services, terms and conditions, privacy policy and gym rules.
- To process your job application if you apply for employment at Core.
- To read and respond to your comments made regarding Core services.
Other than as set out in this privacy policy Core will not use your personal information for any other purposes without your consent, unless required to do so by law.
4. Communication from Core
On occasion, Core may need to contact you. Primarily, these messages are delivered by email, text or phone, and every individual's record is required to keep a valid email address and contact number on file to receive these messages.
In response enquiries and when communicating with members. Core believe that the content is relevant, valuable, interesting and beneficial to you. Core also believe that you would reasonably expect to receive the type of content that is sent to you as part of your relationship with Core. Therefore, Core's current assessment is that the communication you receive is covered by the lawful basis for processing of "legitimate interest" under recital 47 within the GDPR. For all communication sent under the basis of legitimate interest, opt out options are provided and detailed later within this section.
For all communication where consent is the only legal basis, preferences will be collected in advance.
Core recognise that you value having control over your own information, so Core gives you the choice of editing your communication preferences if you disagree with the above. For Core members and ex members you may update these preferences by emailing management.core@outlook.com with your request.
Please note the following messages from Core fall into the category of compulsory communication and therefore no opt out option are available:
- Urgent communication such as unplanned closure of all or part of the business, reduced services or a change of opening times.
- Automated class booking communication such as booking confirmation, waiting list movement and cancellations.
- Contract and subscription related communication such as welcome emails, outstanding arrears, upcoming renewals, communication with the Core staff members.
You may receive communication from Core via the following communication systems, all of which offer an opt out service. Please note you must opt out of each individual communication system should you wish to exercise that right.
Direct email communication from Core staff via outlook:
To opt out you can email management.core@outlook,com to request this.
5. Sharing your information
Information about Core members is an important part to the business and Core do not sell it to others. Core shares member information only as described in this privacy policy.
Core use other companies and individuals to perform certain functions on Core's behalf. Examples include managing our membership database, sending texts, emails, providing marketing assistance, providing personal training. Third party services only have access to the personal information relevant for performing their functions, but will not use it for other purposes. Additionally they must process the personal information in accordance with this privacy policy and as permitted under the EU GDPR. Core will only disclose personal information to reputable companies and suppliers who process data on Core's behalf.
Enquiries through Core's social media sites hosted by third parties (Clubright). These can be used for purchasing memberships, individual classes, referring a friend online.
Membership system and booking app:
In order for Core to process and manage existing and ex memberships as well as prospective members, they use third party (Clubright) to provide the membership management system. Class bookings can be processed directly via the website hosted by Clubright.
Payment collection:
Core use third parties (gocardless & stripe) for payment collection whether that be upfront payment for membership, monthly direct debit payment for membership, one off payments at reception or debt collection.
Arrears collection:
Core reserve the right to forward a members information to a third party debt collection agency in the event of non payment of fees when due.
6. Keeping your information secure
In regards to environmental and physical security. all Core employees receive full training upon commencement on employment and subsequently on an annual basis thereafter. Further to this, daily, weekly and monthly audits are completed.
7. Core retention policies
Core have set company retention policies in place and these timescales are set in accordance with any applicable legislation and/or for any agreed legitimate reasons. Where none exist, then Core will keep your information for the duration for any contract you have entered into with Core, and then for a period of 7 years after, at which time all the personal information will be destroyed.
8. Staying in control - Your rights
Core understand the importance of data subjects remaining in control of their personal data. Core acknowledge the following rights you have under the GDPR, what they mean and how you can exercise them.
The right to be informed
The privacy policy states all used of your personal information and the purposes for processing this information. Should you have any concerns or questions about our privacy policy and practices, or would like a full list of our third party processors, then please email management.core@outlook.com.
The right of access
You have the right to access information that Core hold about you. If you wish to receive a copy of the information that Core hold, please email management.core@outlook.com.
The right to rectification, restrict processing, erasure and to object
You can ask Core at any time to change or amend the information that Core hold about you or restrict ways in which your data may be processed. You can update Core with amendments of personal information by emailing management.core@outlook.com.
9. Privacy policy changes
Core may make slight changes to the privacy policy, terms and conditions and club rules, however, will never materially change policies and practices to make them less protective of member information collected in the past without the consent of affected members. Core will display details of any changes to these notices and conditions.
10. Contact
If you have any questions, comments or concerns about data privacy at Core, please email a thorough description to management.core@outlook.com and Core will endeavour to resolve the issue for you. Alternatively should you wish to escalate any concerns or questions, rather than contact Core directly, please contact the supervisory authority The Information Commissioners Office. For more information please visit the website ico.org.uk