The information we collect about you is processed in line with the General Data Protection Regulation and our Data Protection Policies.
This Privacy Notice is in compliance with our duty to inform Data Subjects of our processing activities.
The data protection declaration of Solan Fitness East Grinstead Limited is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
- Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
What categories of Personal Data do we process?
We process the following kinds of information in relation to these Data Subjects above:
- Personal contact details such as name, title, address, telephone numbers, and personal email addresses
- Date of birth
- Training/fitness information
- Information about your health, including any medical condition
Why do we process this information?
We will use the types of personal information specified above in the following circumstances:
- Where we need to comply with our legal obligations.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Situations in which we will use your personal information
We need the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.
We may use your personal information to contact you, reasons why we would contact you include:
- To inform you of special offers or promotions which we think may be of interest to you
- To follow up on a recent visit you had to the facility
- To respond to a query from you
- To contact you for any important matters relating to your account/agreement with us
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Where did we collect this data from?
Solan Fitness East Grinstead Limited obtains personal data in a number of ways including
- from orders placed by Client (whether by telephone, or email or by application form)
- from enquiries made by existing Client and potential Client
- from existing Client who make referrals passing on personal data to Solan Fitness Est Grinstead Limited.
Are you under any obligation to provide the Personal Data?
Where we process Personal Data to comply with our legal obligations Data Subjects must provide this information. If you fail to provide certain information when requested, we may not be able to perform a contract we have entered into with the hirer, or we may be prevented from complying with our legal obligations, or we may be prevented from achieving our legitimate interests.
Who do we share this information with?
The following activities are carried out by third-party service providers:
- IT services
- Outsourced account management services
- Legal advisors and accountancy services.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
We will not transfer your personal information outside the EU.
Will the information be used for automated decision making or profiling?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
How long do we keep this information?
We retain Personal Data in compliance with our Retention Policy and Schedule for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
How do we keep this information secure?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What rights do you have?
Data Subjects are entitled to request that we erase, restrict, rectify or provide you with a copy of the data we hold, and may object to processing activities.
It is our policy to fulfil any such request within the statutory period of one month unless there is a compelling legal or contractual obligation which prevents us from doing so.
To make any such request please contact our head office:
Tel: 01928 583069
You also have the right to lodge a complaint with the UK’s data regulator, the Information Commissioner’s Office. Visit www.ico.org for more information.
Our contact information
Solan Fitness East Grinstead
1st Floor, The Atrium
Tel: 01342 891 316