Privacy Notice



The General Data Protection Regulation (GDPR) is a piece of EU legislation. It has been
introduced to give individuals more control over their personal data and how it is stored. It is
important that we have your permission to store a record of your personal data so that we
can continue to communicate with you.

Due to recent changes we have updated our Privacy Notice to clarify how we collect, share
and retain personal data, including:
 your rights in relation to your personal data under relevant data protection laws
 our policies for retaining personal data
 how we use your data to inform you about our products and services.

What information do we ask for?
 Name, Address, Date of Birth
 Contact details, including telephone numbers and email address
 Financial information, including credit/debit card details (When paying for
Membership via direct debit)
 Health details and medical history if choosing to use any Council Fitness Suite
 Details of GP if medical conditions indicated.
 Ethnic & Cultural background
 Disability

How we use your information
 Administering your Access Card or Membership applications (as is necessary for
performance of a contract between you and us and/or as is necessary for our
legitimate interests)
 Verifying your identity (as is necessary for compliance with our legal obligations
and/or as is necessary for our legitimate interests)
 Using your payment details to process payments relating to your Membership or
access to facilities, including fees, renewals, mid-term changes to your Membership
and refunds (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Sending you information about how to renew your Membership (as is necessary for
compliance with our legal obligations)
 Communicating with you about your membership including responding to your
enquiries (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Communicating with you using TRP software package (used to improve member
engagement within the Health & Leisure Industry – see TRP Privacy notice )
 Administering debt recoveries, where you owe us money under a contract or
otherwise (as is necessary for the performance of a contract between you and us
and/or as is necessary for our legitimate interests)
 Information may be shared with other organisations or departments where you
consent to have deductions made from your salary or indicated details of medical
conditions prior to using the Council’s Fitness Suites.
 Undertaking market research and statistical analysis, including analysing your use of
our website. This allows us to develop new, or improve existing products and
services (as is necessary for our legitimate interests)
 Ethnic monitoring & disability information used to provide reports for National
statistics. This is an anonymous report not attached to any personal data.
 We will send you marketing about similar products and services by post, telephone,
email, SMS and through digital channels. Digital channels include social media and
similar such digital marketing channels. We may upload and match the personal
data you provide to us with the data you provide to social media and similar such
digital marketing channels. This allows us to improve our knowledge of you and, in
return, serve you with relevant marketing messages.
You can object to receiving marketing from us at any time by contacting
 We will not share any of the information you provide during the application process
with any third parties for marketing purposes or store any of your information outside
of the European Economic Area. The information you provide will be held securely by
us whether the information is in electronic or physical format according to Council
Our "legitimate interests" as referred to above include our legitimate business purposes and
commercial interests in operating our business in a customer-focused, efficient and
sustainable manner, in accordance with all applicable legal and regulatory requirements
How long is your personal data kept
We will retain your personal information for a number of purposes, as necessary to allow
us to carry out our business. Your information will be kept for 3 years on our database from
the date of your last recorded visit, after which time it will be deleted. Bank details will be
deleted immediately after cancellation of membership. Any retention of personal data will be
done in compliance with legal and regulatory obligations and with St Helens Council Policies.
These data retention periods are subject to change without further notice as a result of
changes to associated law or regulations. If you have any questions in relation to the
retention of your personal data, please contact our Data Protection Officer at the details
provided below.
Your rights
Under the General Data Protection Regulation you have the following rights:
 to obtain access to, and copies of, the personal information that we hold about you
by making a Subject Access Request, in accordance with St Helens Council’s Policy,
details of which are on the Council’s Website and Intranet
 to require that we cease processing your personal information if the processing is
causing you damage or distress
 to require us not to send you marketing communications by contacting
 to require us to restrict or object to our data processing activities
 to require us to erase your personal information (unless processed under Official
Authority policy)
 to receive from us the personal information we hold about you which you have
provided to us, in a reasonable format specified by you, including for the purpose of
you transmitting that personal information to another data controller
 to request the amendment of any inaccurate or incomplete personal data held.
Please note that these rights may be limited by data protection legislation, and we may be
entitled to refuse requests where exceptions apply.
Right to Complain

If you are not satisfied with how we are processing your personal information, you can make
a complaint to the Information Commissioner.
Tel: 0303 123 1113
Post: Information Commissioner, Wycliffe House, Water Lane, Wilmslow, SK9
St Helens Council Data Protection Officer
St Helens Council’s Data Protection Officer can be contacted at:

Privacy Notice relating to NHS Test and Trace

Service description

St Helens Borough Council will collect personal data from our establishments, as requested by the Government, to help with the NHS Test and Trace programme in relation to Covid-19.

Processing activity

 The purposes for which your data will be used:


  • To keep a record of who has visited our venues and when (this includes visitors and staff)
  • To share this information with NHS Track and Trace if requested

Information requirements

In relation to staff we will record:

  • the names of staff who work at the premises
  • a contact phone number for each member of staff
  • the dates and times that staff are at work

In relation to customers and visitors will record:

  • the name of the customer or visitor. If there is more than one person, then we will record the name of the ‘lead member’ of the group and the number of people in the group
  • a contact phone number for each customer or visitor, or for the lead member of a group of people
  • date of visit, arrival time and, where possible, departure time
  • if a customer will interact with only one member of staff, the name of the assigned staff member will be recorded alongside the name of the customer


Please note you do not have to give us this information in relation to NHS Test and Trace.

Lawful bases

Our lawful bases for processing your personal information are:

  • Public Task (A6(1)(e)).

And if your attendance at our venues would reveal protected characteristics about you (known as Special Category Data):

  • Consent (A6(1)(a) and A9(2)(a)).

If consent applies the venue will let you know.

Data Processors

St Helens Borough Council uses data processors who provide software and services to us.  We may use these data processors to collect or store your information.

International transfers

St Helens Borough Council will not transfer your data outside of the UK.

Data sharing

We may share data with the following:

  • NHS Track and Trace


We keep your personal information for the minimum period necessary.  We will normally destroy information held in relation to Track and Trace after 21 days, as recommended by the Government.  Please note that if this same information is also kept for other purposes, it will continue to be retained and used for those purposes. The information outlined in this Privacy Notice will be in accordance with our Retention Policy.  All information will be held securely and disposed of confidentially.

Your rights

Your rights depend on the lawful basis we are relying on. However, the most relevant in this instance is the right to object to the processing and as stated above, you do not have to provide us with this information if you object. If you have provided consent, you can withdraw this at any time.

St Helens Borough Council have appointed a Data Protection Officer who can be contacted via email

If you are in any way concerned regarding how we are processing your data please contact the Data Protection Officer in the first instance. You have the right to complain to the Information Commissioners Office.Online:

Tel: 0303 123 1113. Post: Information Commissioner, Wycliffe House, Water Lane, Wilmslow, SK9 5AF