Privacy notice Menu
About

Privacy notice

Welcome to Active Lichfield District’s privacy notice.

This privacy notice is to supplement the information Lichfield District Council currently makes available about how the organisation collects and holds your personal information in respect of its leisure facilities. Our core data protection obligations and commitments are set out in Lichfield District Council’s main privacy notice.

References to we, our or us in this privacy notice are to Burntwood Leisure Centre and Friary Grange Leisure Centre and the facilities are fully administered and managed by LWM Traded Services.

Lichfield District Council is the data controller for your information and LWM Traded Services is contracted as the council’s data processor. We have appointed a Data Protection Officer who is responsible for managing data protection and for ensuring that we comply with our legal obligations relating to personal information. (dpo@lichfielddc.gov.uk)

We respect your privacy and are committed to protecting your personal data. This privacy policy explains what types of personal information we collect about you, what we do with that personal information, the legal basis for our processing of your personal information, what rights you have in relation to your personal information and how you can exercise those rights. It also explains how we keep your personal information safe and secure. We take our data protection obligations very seriously and this notice gives you information about our approach to Data Protection legislation (UK General Data Protection Regulation, Data Protection Act 2018, Privacy & Electronic Communications (EC Directive) Regulations 2003 (PECR)) and any subsequent updated legislation.

Purpose of this privacy notice

This notice applies to you if you are either:

  • A user of Leisure facilities or services,
  • An individual who has expressed an interest in our facilities or services,
  • An individual who has subscribed to or purchased our services/ memberships, courses, classes etc.

What data do we process and what is our legal basis for processing?

Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Special category data is

  • race or ethnicity
  • religious or philosophical beliefs
  • sex life, sexual orientation
  • political opinions
  • trade union membership
  • information about your health
  • genetic or biometric data (for identification purposes)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into (Article 6(1)(b),
  • Where we have your consent (Article 6(1)(a),
  • Where we need to comply with a legal obligation (Article 6(1)(c),
  • Where we have a legitimate interest to do so (Article 6(1)(f),
  • Where we need to protect vital interests (emergency situations on our premises) (Article 6(1)(d).

We will use your special category data in the following circumstances:

  • where it is necessary for health or social care purposes (Article 9(2)(h).
  • where it is necessary for reasons of substantial public interest (Article 9(2)(g).
  • where it is necessary to protect your vital interests (Article 9(2)(c).

The special category data processing conditions for the sharing of special category data are set out in the Data Protection Act, Schedule 1 Part 1 & 2 (various sections are applicable).

We collect, store, and use the following categories of personal and special category data about you, and we list our legal basis for processing:

  • Contact details, such as: your full name, email address, home address, telephone numbers. (Article 6(1)(b).
  • Emergency contact details (Article 6(1)(b & d).
  • Identity details, such as: date of birth and gender. (Article 6(1)(b).
  • Financial information, such as: bank or building society account details, direct debits etc. (Article 6(1)(b).
  • Accident information, such as accident book entries, first aid records, injury on our premises and third-party accidents (Article 6(1)(c) & Article 9 (2)(b).
  • Correspondence, such as: telephone conversations, emails, letters and other communications with or about you, including any feedback you give us. (Article 6(1)(b,c&f).
  • Attendance information, such as: records of your attendance at any events, competitions or workshops. (Article 6(1)(f).
  • Monitoring information, such as: information obtained from CCTV footage or the use of our website or IT systems. (Article 6(1)(f).
  • Equal opportunity information, such as; information about race or ethnicity, disability or religious beliefs but only if provided by the individual. (Article 6(1)(c) & Article 9 (2)(b).
  • Technical information, such as: use of and movements through our online portal, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information. (Article 6(1)(f).
  • Health information, such as: medical condition, health and sickness records, medical records and health professional information. (Article 6(1)(c&d) & Article 9(2)(c&g)

Please note the above list is not exhaustive but gives an indication of the data we collect and our legal bases for processing your personal data.

Updating or changing your personal data

Please do help us keep your personal data up to date by notifying us of any changes to your personal information such as your name or address etc.

Purposes of our processing

We may use your personal information for the following purposes:

  • To administer your account,
  • Comply with health and safety regulations,
  • To assess your fitness to participate in any sporting activities,
  • To market our services to you,
  • To promote sport and health in our district,
  • Monitor use of our facilities by the use of CCTV,
  • Respond to queries and complaints,
  • Respond to legal disputes,
  • Deal with accidents on our premises,
  • To monitor equal opportunities,
  • To prevent fraud,
  • Carry out business management and planning, for example accounting, auditing or for business continuity,
  • To conduct data analytics studies to review and better understand the customer retention and attrition rates,
  • To monitor visitor access to our buildings,
  • To provide relevant information in respect of promotional offers.

Please note this list is not exhaustive but gives an indication of the processing

Who we share your data with

We may share your personal data in the following circumstances:

  • With LWM Traded Services who administers all management of our facilities,
  • With relevant government authorities where required by law, e.g., for tax reporting, benefits provision,
  • Where we are using contracted service partners for services such as IT, HR platform, web development, hosting and system administration, email communications,
  • With Payment providers, we will share relevant information relating to your financial information in order to process card payments.
  • With our bank to provide direct debit services via LWM Traded Services,
  • To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person,
  • To enforce or apply our Terms of Service or other agreements or to protect Lichfield District Council and its customers (including with other companies and organisations for the purposes of fraud protection and credit risk reduction),
  • To any other person with your consent to the disclosure.

As a Data Controller we ensure all our third-party service providers, such as LWM Traded Services, are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. A list of third parties who we may share your data with can be obtained from our Data Protection Officer.

As a Data Processor we ensure we have the relevant contractual clauses, data sharing agreements or information sharing agreements in place to comply with the Data Protection legislation.

Data security

We take the security of your information very seriously. We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention & rights

Details about the retention of your data and your rights can be found on our main privacy notice on our website.

Your right to complain

We would encourage you to contact us, in the first instance, if you are unhappy with any aspect of the way in which we process your personal data. You can get in touch with our Data Protection Officer using the details provided above.

If you are not satisfied with the outcome of your complaint, you have the right to refer such matters to the ICO (www.ico.org.uk). It is worth noting the ICO expect individuals to exhaust the complaints process internally before referring complaints to them.

Save 30% off activities with a LAP