Skip to main content
Back to Bedford Gym & Swim

Privacy Policy

How we protect and use your personal information

At Bedford Gym & Swim, we take your privacy seriously. This policy outlines how we collect, use, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: January 2025

1. Introduction

  • Bedford Gym & Swim ("we", "our", "us") is committed to protecting your privacy and personal data.
  • This privacy policy explains how we collect, use, store, and protect your personal information when you use our facilities, website, or services.
  • We are registered as a data controller with the Information Commissioner's Office (ICO).
  • By using our services, you consent to the practices described in this policy.

2. Information We Collect

  • Personal identification information: Name, date of birth, gender, photograph (for membership cards).
  • Contact information: Email address, phone number, postal address.
  • Emergency contact details for health and safety purposes.
  • Health information: Medical conditions relevant to your safe use of facilities.
  • Financial information: Bank details for direct debit payments (processed securely via third-party providers).
  • Usage data: Facility access times, class bookings, and attendance records.
  • Communication records: Emails, enquiries, and feedback you send us.
  • CCTV footage: For security purposes throughout our facilities.

3. How We Use Your Information

  • To manage your membership and provide access to our facilities.
  • To process payments and manage your account.
  • To communicate with you about your membership, bookings, and facility updates.
  • To ensure health and safety compliance and respond to emergencies.
  • To send you marketing communications (with your consent).
  • To improve our services and facilities based on usage patterns.
  • To comply with legal obligations and protect our legitimate interests.
  • To prevent fraud and ensure the security of our premises.

4. Legal Basis for Processing

  • Contract: Processing necessary to fulfil our membership agreement with you.
  • Legitimate interests: For security, fraud prevention, and service improvements.
  • Legal obligation: Where required by law (e.g., health and safety records).
  • Consent: For marketing communications and optional data collection.
  • Vital interests: In medical emergencies, we may share relevant health information with emergency services.

5. Data Sharing

  • We do not sell your personal data to third parties.
  • We may share data with our membership management software provider (Resamania) for account administration.
  • Payment processors handle financial transactions securely under their own privacy policies.
  • We may share information with emergency services if required for your safety.
  • We may disclose data if required by law or to protect our legal rights.
  • If our business is sold or merged, your data may be transferred to the new owner with appropriate safeguards.

6. Data Retention

  • Active membership records are retained for the duration of your membership.
  • After membership ends, we retain basic records for 6 years for legal and accounting purposes.
  • Health and safety incident records are retained for 7 years.
  • CCTV footage is typically retained for 30 days unless required for investigations.
  • Marketing preferences are retained until you withdraw consent.
  • You may request deletion of your data subject to our legal retention requirements.

7. Your Rights

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data (subject to legal retention requirements).
  • Right to restrict processing: Request limitation of how we use your data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for marketing.
  • Right to withdraw consent: Withdraw consent for any consent-based processing.
  • To exercise any of these rights, please contact us using the details below.

8. Data Security

  • We implement appropriate technical and organisational measures to protect your data.
  • Access to personal data is restricted to authorised staff on a need-to-know basis.
  • Electronic data is protected by encryption, firewalls, and secure access controls.
  • Paper records are stored securely and disposed of appropriately.
  • We regularly review and update our security measures.
  • In the event of a data breach, we will notify you and the ICO as required by law.

9. Cookies & Website

  • Our website uses cookies to improve your browsing experience.
  • Essential cookies: Required for the website to function properly.
  • Analytics cookies: Help us understand how visitors use our site (Google Analytics).
  • Preference cookies: Remember your settings and choices.
  • You can manage cookie preferences through your browser settings.
  • Disabling certain cookies may affect website functionality.

10. CCTV Policy

  • CCTV cameras operate throughout our facilities for security and safety purposes.
  • CCTV is not used in changing rooms, toilets, or other private areas.
  • Footage is monitored by authorised staff only.
  • CCTV signage is displayed at entry points to our premises.
  • You have the right to request access to footage featuring yourself.
  • Requests should be made in writing and may be subject to the rights of others appearing in the footage.

Data Controller

Bedford Gym & Swim

Building 37 Twinwoods Business Park

Thurleigh Road, Milton Ernest

MK44 1FD

Email: gymandswim@playhousebedford.com

Phone: 01234 436436

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow

Cheshire, SK9 5AF

Website: ico.org.uk