Privacy Notice

PRIVACY NOTICE


GENERAL DATA PROTECTION REGULATION


The General Data Protection Regulation (GDPR) is a piece of EU legislation. It has been
introduced to give individuals more control over their personal data and how it is stored. It is
important that we have your permission to store a record of your personal data so that we
can continue to communicate with you.


Due to recent changes we have updated our Privacy Notice to clarify how we collect, share
and retain personal data, including:
 your rights in relation to your personal data under relevant data protection laws
 our policies for retaining personal data
 how we use your data to inform you about our products and services.


What information do we ask for?
 Name, Address, Date of Birth
 Contact details, including telephone numbers and email address
 Financial information, including credit/debit card details (When paying for
Membership via direct debit)
 Health details and medical history if choosing to use any Council Fitness Suite
 Details of GP if medical conditions indicated.
 Ethnic & Cultural background
 Disability


How we use your information
 Administering your Access Card or Membership applications (as is necessary for
performance of a contract between you and us and/or as is necessary for our
legitimate interests)
 Verifying your identity (as is necessary for compliance with our legal obligations
and/or as is necessary for our legitimate interests)
 Using your payment details to process payments relating to your Membership or
access to facilities, including fees, renewals, mid-term changes to your Membership
and refunds (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Sending you information about how to renew your Membership (as is necessary for
compliance with our legal obligations)
 Communicating with you about your membership including responding to your
enquiries (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Communicating with you using TRP software package (used to improve member
engagement within the Health & Leisure Industry – see TRP Privacy notice
trpcem.com/privacy-policy )
 Administering debt recoveries, where you owe us money under a contract or
otherwise (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Information may be shared with other organisations or departments where you
consent to have deductions made from your salary or indicated details of medical
conditions prior to using the Council’s Fitness Suites.
 Undertaking market research and statistical analysis, including analysing your use of
our website. This allows us to develop new, or improve existing products and
services (as is necessary for our legitimate interests)
 Ethnic monitoring & disability information used to provide reports for National
statistics. This is an anonymous report not attached to any personal data.
 We will send you marketing about similar products and services by post, telephone,
email, SMS and through digital channels. Digital channels include social media and
similar such digital marketing channels. We may upload and match the personal
data you provide to us with the data you provide to social media and similar such
digital marketing channels. This allows us to improve our knowledge of you and, in
return, serve you with relevant marketing messages.
You can object to receiving marketing from us at any time by contacting
goactivesales@sthelens.gov.uk
 We will not share any of the information you provide during the application process
with any third parties for marketing purposes or store any of your information outside
of the European Economic Area. The information you provide will be held securely by
us whether the information is in electronic or physical format according to Council
Policies.
Our "legitimate interests" as referred to above include our legitimate business purposes and
commercial interests in operating our business in a customer-focused, efficient and
sustainable manner, in accordance with all applicable legal and regulatory requirements
How long is your personal data kept
We will retain your personal information for a number of purposes, as necessary to allow
us to carry out our business. Your information will be kept for 3 years on our database from
the date of your last recorded visit, after which time it will be deleted. Bank details will be
deleted immediately after cancellation of membership. Any retention of personal data will be
done in compliance with legal and regulatory obligations and with St Helens Council Policies.
These data retention periods are subject to change without further notice as a result of
changes to associated law or regulations. If you have any questions in relation to the
retention of your personal data, please contact our Data Protection Officer at the details
provided below.
Your rights
Under the General Data Protection Regulation you have the following rights:
 to obtain access to, and copies of, the personal information that we hold about you
by making a Subject Access Request, in accordance with St Helens Council’s Policy,
details of which are on the Council’s Website and Intranet
 to require that we cease processing your personal information if the processing is
causing you damage or distress
 to require us not to send you marketing communications by contacting
goactivesales@sthelens.gov.uk
 to require us to restrict or object to our data processing activities
 to require us to erase your personal information (unless processed under Official
Authority policy)
 to receive from us the personal information we hold about you which you have
provided to us, in a reasonable format specified by you, including for the purpose of
you transmitting that personal information to another data controller
 to request the amendment of any inaccurate or incomplete personal data held.
Please note that these rights may be limited by data protection legislation, and we may be
entitled to refuse requests where exceptions apply.
Right to Complain


If you are not satisfied with how we are processing your personal information, you can make
a complaint to the Information Commissioner.
Tel: 0303 123 1113
Online: www.ico.org.uk
Post: Information Commissioner, Wycliffe House, Water Lane, Wilmslow, SK9
St Helens Council Data Protection Officer
St Helens Council’s Data Protection Officer can be contacted at:
dataprotection@sthelens.gov.uk