Xercise4Less (the Company, we, us or our) is a trading name of Wright Leisure Limited (company number: 07572128) of Unit 1 Kirkstall Road Industrial Estate, Kirkstall Road, Leeds, LS4 2AZ. The Company operates this website (www.xercise4less.co.uk) (the website).
Application of this policy
This policy applies to the personal data we process in relation to members, former members and individuals who are on our mailing list and to the use of that personal data in any form – whether oral, electronic or written.
For the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together the data protection legislation). The controller of the personal data you provide to us is the Company. The Company is registered as a data controller with the Information Commissioner's Office (the ICO) (registration number: ZA031236).
In accordance with data protection legislation we are required to collect and process your personal data lawfully, fairly and in a transparent manner. This includes providing you with the information set out in this policy.
What Personal Data do we Collect from You?
The term “personal data” in this policy refers to data that does or can identify you as an individual either directly or indirectly.
The types of personal data that we process include, but are not limited to:
- name, address, email address, telephone number, date of birth, gender, emergency contact information;
- bank details for payment;
- data captured on security systems including CCTV and turnstiles on entry into gym;
- we may occasionally take photographs or videos in our gyms for use on the website, on social media and in other marketing materials. If we do this we will ask you whether you are happy to be on the photograph/video and will not publish it without your consent.
Special Categories of Personal Data
There may be instances in which the personal data that you provide to us or we collect is considered to be special categories of personal data under data protection law. Special categories of personal data can include racial or ethnic origin; genetic data; biometric data for the purpose of identifying an individual; data concerning health or data concerning your sex life or sexual orientation.
Please note that we require certain personal data (including special categories of personal data which relates to your health status and your biometric data) in order to be able to provide you with access to the gym and for health and safety reasons. If you do not provide such information, this may impact our ability to offer the use of our services to you. Where we process special categories of personal data, we will ask you for your explicit consent in order to do this.
If you volunteer information to us that contains special categories of personal data, you will be regarded as giving your explicit consent to us processing it. We will seek to confirm with you that this is the case unless we have a legitimate reason for not doing so.
We collect personal data directly from you when you complete our forms, we contact you or you contact us, whether submitted on the website, electronically or in person.
How We Use Your Personal Data
We process personal data concerning members and those on our mailing list for a number of reasons which relate to providing our gym services to that member. These reasons include:
- administering and managing your membership to the gym;
- communicating with you, including to send marketing to you in respect of products, services and offers, which we feel will be of interest to you (unless you have opted out of receiving such marketing communications);
- maintaining and improving the website; and
- complying with applicable laws (g., laws governing health and safety and having in place appropriate insurance for our business activities).
The legal basis on which we rely for processing your data for these purposes is that the processing is necessary for the performance of a contract to which you are a party; complying with our legal obligations; and in order to fulfil our legitimate interests of providing you with an excellent standard of service, which includes providing you with information about products, services and offers that we feel will be of interest to you.
Where we send marketing communications by electronic means (such as phone, SMS or email) we will obtain your consent. Where you have provided consent, please note that you may withdraw it at any time. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
Monitoring in the Gym
There are CCTV cameras in operation within and around our gyms.
The legal basis on which we rely in respect of using CCTV is that this processing is necessary for the purposes of a legitimate interest pursued by the Company. For example, images recorded may be used for the following purposes:
- to prevent and detect crime in our gyms;
- to protect the health and safety of members, colleagues and visitors; and
- to manage and protect our property and the property of our members, visitors and colleagues.
Where we Store your Data and Transfers
We store your personal data on our servers which are located within the European Economic Area (EEA), however, we may need to transfer data outside the EEA as a result of some of the service providers we use.
The main third parties we use are:
- Egton Digital, which is a company based in the UK that provides the Company with our Customer Relationship Management platform;
- Harlands Services Ltd which is a company based in the UK that provides the Company with payment /member services;
- DIGIFIT B.V. which is a company based in the Netherlands that provides the web-based app, Virtuagym;
- Dotmailer which is a company based in the UK that the Company uses for marketing purposes only;
- Connect Direct is a company based in the UK that provides marketing services to the Company. Connect Direct will not send any marketing communications directly to you unless it is on our behalf.
- Referral Saasquatch which is a company based in Canada that is used by the Company to enable us to use the membership referral platform it provides.
From time to time we may engage other third parties to provide us with services which we believe will ultimately benefit our members. Where we outsource the processing of your personal data to third parties or provide your personal data to third party service providers (this can include your data being transferred outside of the EEA), we oblige those third parties to protect your personal data in accordance with the terms and conditions of this policy and applicable data protection legislation, with appropriate security measures. Please ask us if you would like to see a copy of these agreements with third parties in respect of data transfers.
We reserve the right to disclose any personal data we have concerning you if we are required to do so by a court of law or requested to do so by the Police or a government body or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal data collected and to process such personal data to comply with accounting, tax rules, regulations and any specific record retention laws.
Protecting Your Personal Data
The personal data we collect from you is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuses or alteration of personal data and we are not responsible for any damages or liabilities relating to any such incidents which are outside our control. Where required under law, we will notify you of any such loss, misuse or alteration of personal data that may affect you, so that you can take the appropriate actions for the due protection of your rights.
How Long do we Store your Personal Data?
We retain CCTV images for up to 30 calendar days (club dependent and based on local system), however this period may be extended when we have a reason to investigate footage or have been requested to retain the footage by the Police, for example.
We will retain your personal data for up to seven years starting the day after your membership ends, after which point the personal data will be destroyed. If you are not a member but you have agreed to receive marketing from us, we will hold your contact details for marketing purposes for a reasonable period or unless you request otherwise.
Your personal data is protected under data protection laws and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
- Right of access – You have a right to access the personal data we hold about you upon request. This is known as a "Data Subject Access Request". You can exercise this right by making a request in writing, by email or by telephone using the contact details in the contact section below.
- Right of rectification – You can ask us to correct or update your personal data to ensure it is accurate and complete.
- Right to erasure and right to restrict processing – You can ask us to stop processing and/or to delete your personal data in certain circumstances (for example, where it is processed with your consent, or it is no longer necessary for us to process it).
- Right to data portability – You have a right to ask us to provide you with your personal data in a form that suits you, and/or to provide your information to a third party.
- Right to object – You have a right to object to our processing of your personal data.
- Profiling and automated decisions – You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling. We do not undertake any automated decision making or profiling which produces legal effects or significantly affects our members or those on our mailing list.
- Right to object to direct marketing – Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the link to "unsubscribe" provided in each email and SMS we send to you. Please allow a few days for us to action your request.
Contact and Complaints
The person responsible for data protection compliance at the Company is known as the Head of Data Protection.
If you have any questions, would like to exercise any of your rights or make a complaint, please contact the Head of Data Protection by:
- writing to us at: Xercise4Less, Unit 1 Kirkstall Road Industrial Estate, Kirkstall Road, Leeds, LS4 2AZ;
- emailing us at: [email protected]; or
- calling us on: 0113 2038668.
Please note that you also have the right to lodge a complaint with the ICO by writing to Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; or telephoning 0303 123 1113. For further information, the ICO's website can be accessed at www.ico.org.uk.
Links to other Websites
Changes to this Policy
We may edit or amend this policy from time to time in which case we shall publish the amended version on our Website. We will inform you should we process your personal data for a purpose other than the purpose for which it was obtained. This policy has an effective date which set out at the end of the document.
You Join, We Pay.
Train for Free
8 Week Transformation Camp
Gym memberships from £9.99 per month
Limited spaces available. #myyellowgym.
Join now from £9.99 per month with over 40 fitness classes running every week, all included in your gym membership. Access all gyms nationwide with one membership. Over 400 pieces of the latest gym equipment, separate ladies-only gym areas, expert advice always on hand every day.