Privacy Policy
This Privacy Policy (“Policy”) explains how your information is collected, used and disclosed by Gym Spa Soho Ltd. (“we”/ “us” / “our”). This Policy applies where we are acting as a Data Controller, where we determine the purposes and means of the processing of that personal data, for example with respect to the personal data of our website visitors, service users, clients, partners etc.
Who will use my data? | Gym Spa Soho Ltd. |
Who are we? | We are a male-only premier gym and spa experience. Our focus is on creating a specialised environment where you can achieve your fitness goals and enjoy top-notch relaxation services tailored specifically for men. |
What for? | We will store and process your data to effectively provide our gym and sauna products and services and to support the ongoing operation and development of our business. The data collected enables us to deliver a personalized and efficient experience, ensuring that we meet your needs and maintain high standards in our offerings.
When you visit our website or use our services, we may collect specific types of information necessary for our operations. This includes:
● Personal Information: Such as your name, to ensure proper identification and communication. ● Payment Details: For processing transactions and managing billing efficiently. ● Membership Information: To manage your membership status, benefits, and access to our facilities. ● Health Information: As required to tailor our services to your individual health and fitness needs and ensure a safe environment.
Additionally, we utilise on-site CCTV. This system is employed for security and crime prevention purposes, helping us maintain a safe environment for all our members and staff.
Your data may also be used to process payments and other financial transactions accurately and securely. This ensures that all financial operations related to your membership and usage of our services are handled efficiently and in compliance with relevant regulations.
We are committed to using your data responsibly and in accordance with applicable data protection laws, ensuring that it is handled securely and used solely for the purposes outlined above. |
What will happen if I contact you? | If you contact us, we will process the information you provide in order to respond to your inquiry or fulfil your request. This may include using your information to communicate with you, troubleshoot problems, and improve our services. We may also use your information to personalise your experience and to improve the functionality of our services. We may also use your information to send you marketing or promotional materials, but only if you have opted-in to receive such communications. Upon receiving your request, you will be connected with our team of experienced professionals who will reach out to you to understand your needs, challenges, and objectives. This initial dialogue is of great importance for us to gain insights into how we can best support you. |
What data will be stored? | You are not required to provide personal information to use our services, except for data collected through our CCTV cameras. We will only store the personal information you choose to share with us. This may include your personal details, such as name, address, email and phone number and other personal details in order to provide our Gym and Sauna membership services to you. We will store details of enquiries, reservations, orders, and related financial information as required to run our business but always as you would reasonably expect. Data from our CCTV cameras is stored securely at all times with strict access controls and appropriate levels of security. |
What data will be shared? | We will not share your data with any third parties other than as described here, to fulfil our obligations to you, operate and develop our company, and to protect our interests. We will only share any data that is particularly relevant to our process in order to provide the services that we offer. We may share your information with regulators or legal bodies that request it. |
How long? | Your data will be stored for up to 2 months following the ending of your membership, after which time your data will be deleted. For more information, please refer to our Data Retention Policy.
|
Who can access my data? | Access to your data will be managed with the utmost care and security. We are committed to keeping your information safe and secure. Your personal data will not be accessed by, sold to, shared with, or otherwise distributed to any third party except as outlined in this policy and always in compliance with GDPR requirements.
Specifically, CCTV footage is strictly controlled and can only be accessed by Senior Management who have undergone comprehensive GDPR training. This ensures that only authorized personnel with a legitimate need can view the footage, maintaining the highest standards of privacy and data protection.
If any changes to this policy occur, or if there are circumstances that require sharing data with third parties, we will ensure that such actions are transparent and obtain your consent when necessary, in line with GDPR regulations. |
How is my data kept secure? | We store only minimal amounts of personal data to fulfil our services. The majority of your data is securely stored on-site in protected document storage facilities or on our own dedicated servers. These storage solutions are designed with strong security measures to ensure the safety and confidentiality of your information. For data stored online, such as in platforms like RotaCloud, we take additional steps to ensure that appropriate security measures and controls are in place. These measures are specifically chosen to comply with GDPR requirements, ensuring that your data is protected against unauthorised access and breaches. We regularly review and update our security practices to maintain a high level of protection for your personal information.
By employing a combination of secure physical storage and rigorous online security protocols, we strive to uphold the highest standards of data protection and privacy for all our clients. |
About This Privacy Policy
This policy sets out how we will collect, store and process the information that you provide to us, information we collect as a result of our interaction, the information we collect about you from other sources, or information we service about you by using the information we hold.
The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully;
- Be obtained only for specific, lawful purposes;
- Be adequate, relevant, and not excessive;
- Be accurate and kept up to date;
- Not be held for any longer than is necessary;
- Processed in accordance with the rights of the data subjects;
- Be protected in appropriate ways;
- Not be transferred outside the UK, unless that country or territory also ensures an adequate level of protection.
We take these responsibilities seriously; this document describes our approach to data protection.
This policy helps to protect us from data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately;
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them;
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data;
- Any other risks inherent in the collection, storage, or processing of your data.
Who We Are And How To Contact Us
Gym Spa Soho Ltd. is registered in the UK and is registered with the Information Commissioner’s Office. The Data Protection Lead is Dan Hazlewood. You can contact us in any of the following ways:
Name of Data Protection Lead: Dan Hazlewood
Company name: Gym Spa Soho Ltd.
Data Protection Lead Address: Ramillies House, 1-2 Ramillies st. Soho London W1F 7LN
Data Protection Lead Number: 0204 519 6044
To whom does this privacy policy apply?
This policy relates to data subjects of Gym Spa Soho Ltd. including clients, customers, suppliers, partners, employees, and all other individuals. Processing of your data is required in order to offer you our Gym and Sauna services and to run our company. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
- Names of Individuals
- Postal addresses
- Email Addresses
- Telephone numbers
- Medical information (allergies, medication, other info)
- Sensitive information as required for us to provide our services to you and as you chose to share with us
- Financial information including payment information as required
- Information we collect from third parties
- Information we collect for online sources such as social media, search engines, and advertising platforms
- Security information such as CCTV footage
- Any other information provided to us in relation to our Gym and Sauna services
What this policy applies to
This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with or that you allow us to collect. This includes:
- The information you provide when you contact us
- When you contact us in order to discuss using our services
- Information we collect about how you use the website
- Information relating to services we offer to you and other transactions including financial and other personal information required to complete these transactions
- Information that is given and stored as part of our ongoing relationship
- Information we collect as a result of our interaction,
- The information we collect about you from other sources,
- or information we service about you by using the information we hold.
We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example: We process special categories of data as defined in Article 9 or Article 10 of relevant data protection regulations. Within our premises, we maintain multiple CCTV cameras covering various areas frequented by our employees and customers. While the collection of CCTV footage does not always imply the gathering of special categories of data, there are instances where potentially explicit content involving customers may be inadvertently captured. In these cases, the processing of such data is based on our legitimate interests, specifically for safeguarding the safety and security of our premises, customers, and employees.
Furthermore, to protect the health and safety of our employees, we may collect health and allergy-related information. This data helps us manage potential risks and provide appropriate benefits and insurance coverage. We process this sensitive information based on our legitimate interest in ensuring the well-being of our employees and preventing potential health-related issues.
Purpose/Activity | Type of data | Lawful basis for processing |
To register you as a new member, customer, guest, visitor, etc… | (a) Identity, (b) Contact | Performance of a contract with you, to meet our legal obligations, in our legitimate interest to run our business |
As an employee, intern, volunteer, contractor, or agency staff etc… | (a) Identity, (b) Contact, (c) financial information, (d) personal information, (e) sensitive personal information | Performance of a contract with you, to meet our legal obligations, in our legitimate interest to run our business |
To process and deliver the services you request including managing payments, fees and charges, and to collect and recover money owed to us | (a) Identity, (b) Contact, (c) Financial, (d) Transaction, (e) Marketing and Communications | (a) Performance of a contract with you, (b) Necessary for our legitimate interests to recover debts owed to us |
To manage our ongoing relationship with you which will include notifying you about changes to our terms, products and services, or privacy policy, to maintain our records | (a) Identity, (b) Contact, (c) Profile, (d) Marketing and Communications | (a) Performance of a contract with you, (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services |
To administer and protect our business | (a) Identity, (b) Contact, (c) Technical | (a) Necessary for our legitimate interests for running our business, provision of administration, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, (b) Necessary to comply with a legal obligation |
To protect our customers, employees, and all visitors. For crime prevention and revenue protection
| (a) Identity [CCTV footage], images, other media | (a) Legitimate Interest |
Purpose/Activity | Type of data | Lawful basis for processing |
We may collect and process information about you, including your name, date of birth, address, contact details (including email address and mobile phone number), membership details, payment information etc… We may take personal information from:
- Information you provide when you visit us
- Information that you provide when completing membership documents (including your name, contact details and other information you provide)
- Information that you provide to us when signing up to any distribution lists to receive correspondence from us
- Information you provide when using our services
Personal data we receive will be used for the purposes it was provided, including:
- To respond to queries from you regarding our services
- To carry out our obligations arising from any contracts entered into between you and us, including the provision of services, and to respond to queries from you regarding those contracts
- To manage and administer the relationships between you and us
- To notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us
- To obtain feedback from you regarding us
- To operate our business
- To protect our visitors, employees, and for revenue protection and security reasons
In accordance with your preferences, we may also use your personal information to provide you with information about products, services, promotions and offers that may be of interest to you. We may use your personal information in order to ascertain the services, promotions and offers that are likely to be of particular interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services communications, including communications in relation to any purchases you make or services you use.
How to change your preferences
We operate in line with the GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data and to stop processing. We will also advise you on how to complain to the relevant authorities. Where possible any requests or objections should be made in writing to the Data Controller, or you can visit our website, call, or email us to contact us to exercise your rights, make a complaint, or change your preferences at any time.
Opting out at a later date
You have the right to amend or withdraw your consent at any time, including opting out of marketing communications or the processing of financial data. You can also object to the processing of your data and request its deletion. We respect all user rights as defined in the GDPR. If you have any questions, comments, or wish to file a complaint, please contact us.
How we store and process your data
Your data will be collected, stored and processed securely. In case where we transfer your data internationally, we will ensure we take appropriate precautions to protect this data. Your data will normally be stored for up to 2 months after the termination of your membership in order to meet our legal obligations and protect our interests. For more information regarding our retention practices please refer to our Data Retention Policy.
We will only use your personal data for the purposes for which it was collected unless we reasonably believe that another use is necessary and compatible with the original purpose. If you would like more information about the compatibility of a new purpose with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so.
CCTV is stored on our cloud servers and are secured with all industry standards. Only the senior management has access to this data.
In certain circumstances, we may be legally required to disclose your personal information without your knowledge. These circumstances include legal obligations, ongoing or prospective legal proceedings, or to establish, exercise, or defend our legal rights. This may involve providing information to others for fraud prevention or credit risk reduction. We may also disclose information if we believe a court or other competent authority would likely order us to do so.
Our obligations
As the Data Controller, we are legally responsible for the handling of the information you provide to us. We are committed to complying with the GDPR in all aspects of how we use and share your personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data;
- Request correction of your personal data;
- Request erasure of your personal data;
- Object to processing of your personal data;
- Request restriction of processing your personal data;
- Request transfer of your personal data;
- Right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third Parties
We may have to share your personal data with selected third parties in order to meet our obligations to you and for the purposes described in this document:
- Service providers who provide IT and system administration services;
- Third parties including data processors, suppliers, service providers, equipment providers, and other third parties as required to run and grow our business;
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, credit scoring, banking, legal, fraud protection, insurance and accounting services;
- Other technology companies providing tracking, analytics, and advertising companies;
- Social media companies;
- Partners and other organisations involved in the provision of our services to you and as required to operate our company;
- Government organisation, regulators, other legal authorities and other relevant jurisdictions who require reporting of processing activities in certain circumstances;
- Third parties to whom we sell, transfer, or merge parts of our business or our assets;
- Other companies as required to meet our obligations to you and run our business.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Security
We have implemented appropriate security measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. Access to your data is restricted to management. They are authorized to process your data only under our instructions and are bound by confidentiality obligations.
In compliance with GDPR requirements, we will report any data breaches or potential breaches to the relevant authorities within 24 hours of becoming aware of them, and to affected individuals within 72 hours. If you have any questions or concerns regarding your data usag, please contact us.
Our website may contain links to third-party websites, plug-ins, and applications. Interacting with these links or connections may enable third parties to collect or share your data. We have no control over these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy policy of each website you visit after leaving our site.
Cookies
A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.
Contacting us, exercising your information rights and Complaints
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us or wish to complain, please contact: Dan Hazlewood, Gym Spa Soho Ltd. We aim to process data protection requests within 30 days, SAR responses are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
If you remain dissatisfied, then you have the right to apply directly to your local data protection authority.
You can find the list at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
To be modified if something else is applicable.