Privacy policy
Introduction
Fitness First is the trading name for the Maddox Holdings Limited group of companies. Maddox Holdings Limited (Company Number 12005947) is the parent company and Fitness First Clubs Limited (Company Number 03207791) is its trading subsidiary. The registered office for both companies is:
Whelco Place, Enfield Industrial Estate
Enfield Street
Pemberton
Wigan
WN5 8DB
Fitness First takes the privacy of your information and how it is used very seriously, and we will only use your personal information in accordance with the current data protection law in the UK and this Privacy Policy. This notice describes the Fitness First Privacy Policy and how we aim to repay the trust you have shown by sharing your personal data with us. This Privacy Policy only applies to personal information we hold about individuals. It does not apply to information we hold about companies and other organisations.
The website www.fitnessfirst.co.uk is owned and operated by Maddox Holdings Limited to support the business activities of Fitness First Clubs Limited.
Personal Data
Under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and
Data Protection Act 2018 ('the Act'), personal data is defined as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and Data Protection Act 2018 ('the Act'), personal data is defined as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
The Data Controller
A Data Controller is the individual or legal person, or entity, who and is responsible to keep and use personal data in paper or electronic files. We are the data controller as defined by relevant controls data protection laws and regulation.
Lawful Processing
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
(a) Consent: you have given Fitness First (e.g. any of the following depending on the situation freely, specific, informed, or unambiguous) consent for your personal data to be processed for a specific purpose.
(b) Contract performance: the processing is necessary for the performance of a contract you have with Fitness First, which had asked you to take specific steps before entering into a contract.
(c) Compliance with legal obligation: the processing is necessary for Fitness First to comply with the law (e.g. the tax/social security obligation/employment law) (not including contractual obligations).
(d) Protection of vital interests: the processing is vital to an individual's survival.
(e) Public interest: the processing is necessary for Fitness First to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for Fitness First legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual's personal data that overrides those legitimate interests.
Individual's Personal Data Rights
• The right of access.
• The right to rectification.
• The right to erasure or right to be forgotten.
• The right to restriction of processing.
• The right to be informed.
• The right to data portability.
• The right to object.
• The right not to be subject to a decision based solely on automated processing.
Under the GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. Please email privacy@fitnessfirst.co.uk
Information We May Collect From You
Information that you provide by completing forms in writing, email, through our web site or social media. This includes information provided at the time of registering with us, to use our website (where applicable), to become a member of staff, to enter into a contract for our services, to support or subscribe to our services (where applicable), to request materials or to request further services, when you respond to a survey and/or when you report a problem with any of our communication channels or services.
We collect the following classes of information:
• name(s) and address(es), email, phone number(s) and other relevant (e.g. age group, interests, subscriptions, etc.) personal details and preferred (e.g. activities, events, news, and etc.);
• staff details relevant to their employment status;
• use of social media relating to Fitness First;
• photographs, recordings (audio and video)*;
• information about our relationship with you, correspondence, meeting notes, attendance at events etc
• occupation, skills and professional activity, network(s) and interests;
• Financial information (e.g. bank details) where they may be relevant to our needs;
• When you make a phone call or send an e-mail to seek information about our clubs/services;
• Recruitment and employment;
• Referrals by email or other method whether directly or indirectly;
• When you have used our services or benefited from our services in any ways including but not limited to club membership;
• Through your request for publications and other marketing materials;
• Through your registration for events;
• Through your contacting us with enquiries and comments
• Through our use of the Cookies on our website (please see the Cookies section below).
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of transactions you carry out and of the fulfilment of your orders.
• Details of your access to our databases or other materials.
We may also collect cookies during your visits to our website. Please refer to our Cookie Policy here.
How We Collect Your Personal Data
There are two main ways in which we collect your personal data:
a) directly from you
• that you provide to us; and
• that we automatically collect (e.g. IP addresses, OBA); and
b) from third parties.
Personal data that you give to us may be through several ways. These may include:
• directly via our website www.fitnessfirst.co.uk
• emailing your CV to a fitnessfirst.co.uk employee regarding a voluntary appointment;
• providing information via on-line forms or surveys
• collecting your data through a contractual or commercial relationship with you e.g. for membership subscriptions or attending a fee-paying event;
• via a form which could be online as part of our website or a form provided to us as a hard copy or electronically; and
• contacting us with enquiries or comments by telephone, email or hard copy correspondence.
Personal data may be given to us through another organisation with which you have registered or a corporate membership, and we may be required to process that data in order to fulfil services that you expect of us. This could include one of the following:
• via another authorised body with whom joint education or professional development takes place; and
• via professional bodies with whom there is a sharing of registration for events or activities.
How We Use Your Personal Data
We will process any of your personal data, in accordance with our obligations under the Act and the GDPR, for the following reasons:
• to provide you with the services you have requested;
• to comply with the Act and the GDPR;
• for administrative purposes;
• to assess enquiries; and
to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at privacy@fitnessfirst.co.uk
Information Others May Share With Us About You
We never buy personal data from third parties or trade data with other companies. However, there are times when we must collect debt and we may share your information with our appointed debt collection agents.
We will share your personal data with our group companies and or partners where it is in our legitimate interests to do so.
Third Party Websites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Health Data, Fitness Data and App Usage Data
Health and Fitness Information
Where you use our mobile applications, connected fitness services, gym equipment integrations, wearable integrations or personalised fitness features, we may collect and process certain health, fitness and activity-related information about you.
This may include:
• Contact identifiers, such as your email address
• Demographic information, such as your date of birth and gender
• Physical characteristics data, such as your height, body weight and heart rate
• Training data, such as:
– training targets and goals
– training experience
– exercises completed
– preferred training days
– weights used
– training challenges
– preferred equipment
• Training session data, such as:
– running speeds
– workout intensity
– workout performance metrics
– weights used during workouts
• Profile information, such as:
– profile photographs
– fitness goals
– interests
– experience levels
• Bookings and attendance data, including classes booked, attended or cancelled
• Device identifiers and device information
• Location data used for:
– verifying your location
– locating gyms in your area
– delivering relevant content, services or restrictions based on your location
• Information collected through app technologies and third-party SDKs (software development kits), which are pieces of code released by third parties that provide certain functionality. These technologies may permit us or our third-party service providers to collect information from your browser or device.
Connected Devices, Wearables and Sensors
We only obtain health, fitness and activity metrics at your direction and/or with your consent.
Such metrics may be collected:
• through sensors integrated within our services or gym equipment; and/or
• where you choose to link our services with third-party fitness trackers, wearable devices, health platforms or connected fitness technologies
You may disconnect linked third-party services or adjust device permissions at any time through your device or application settings.
How We Use Health and Fitness Data
We use health, fitness and activity-related information to:
• provide personalised fitness experiences and recommendations
• provide personalised training plans and workout content
• support workout tracking and performance monitoring
• enable connected fitness and gym equipment integrations
• improve our products, services and member experience
• support class bookings, attendance tracking and gym access functionality
• provide customer support and troubleshoot technical issues
• maintain the security, functionality and performance of our applications and services
• comply with legal and regulatory obligations.
Location Data
Where enabled by you, our applications may collect precise or approximate location information from your device in order to:
• identify nearby Fitness First locations
• verify access to certain gym services or features
• tailor content and experiences relevant to your location
You can manage or disable location permissions at any time through your device settings.
Third-Party SDKs and App Technologies
Our applications may use third-party SDKs, analytics tools and related technologies to support functionality, security, analytics, crash reporting, performance monitoring, communications and personalisation.
These third parties may collect information from your device or browser in accordance with their own privacy policies.
Legal Basis for Processing
Where required under applicable law, we process health and fitness-related data:
• with your consent;
• where necessary to provide services requested by you
• to fulfil our contractual obligations
• for our legitimate interests in improving and operating our services; and/or
• to comply with legal obligations.
Protecting Your Personal Data
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that Fitness First has instructed.
*The above applies in the case where we may collect photographs and recordings, including both audio and video.
If personal data is transferred outside the UK or EEA to a country without a designated adequacy rating, Fitness First will request the data subject's consent before processing the data, unless the processor's Binding Corporate Rules, Standard Contractual Clauses or ad-hoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.
Security of Your Information
To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Personal Data Retention
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.
In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
Cookies
Fitness First uses fundamental cookies on its website. Please refer to Fitness First Cookie Policy for further information.
Changes to Fitness First Privacy Policy
This privacy policy was last updated on 4th October 2021. Fitness First reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information will be deemed to signify your acceptance to the variations.
Contact
Questions, comments, and requests regarding this privacy policy should be addressed to privacy@fitnessfirst.co.uk
You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office ("ICO"). For further information please refer to the ICO website
https://ico.org.uk/concerns and/or postal address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate)
Klarna Privacy Policy
In order to offer you Klarna's payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna's own privacy notice.