Privacy Policy – THE QFIT GYM

The General Data Protection Regulation (GDPR) comes in to force from 25 May 2018. This will replace the Data Protection 1998 Act.

How do I contact you?

Please call us on (0191) 2500 166 or email info@qfitgym.uk if you have any issues or concerns around your privacy or data.

Are my payments protected?

We accept bank Direct Debits through Ashbourne Services, or through GoCardless and all these payments are all covered under the banking DD Scheme. We accept card payments online (by STRIPE) and in person (by WORLDPAY) and all card payments are fully encrypted and we are confirmed through SaferPayments that we are fully compliant with the payment card industry data security standard (PCI DSS). This is revceiewed annually. We therefore do not collect or store any personal financial information on our systems.

What information do you hold on me?

Every customer will be required to complete our ‘QFit Gym Registration Form’ This provides us with your full name, home address, contact number, email address, date of birth and brief physical readiness survey (PARQ). We do not store or collect any personal banking details from customers who set up and pay via Direct Debit – this is controlled by either Ashbourne or GoCardless. We doi not collect or store any card payment details – this is controlled by either WorldPay or Stripe.

Why?

We require this information to maintain a membership scheme and casual access, this also helps us understand where indicated if we need to be aware of any medical issues or concerns that may affect your use of our facilities.

What will you do with this?

This information will never be shared with any third party organisations for any reason other than those who arrange a Direct Debit with us. We use an access management system from Ashbourne Services, and they will require personal bank details and address to authorise direct debit payments for you, to us.

We shall only use your address or email contact to notify you of any changes to memberships, our fees or access to our services. We may however also contact you to provide information about special offers or new activities here at The QFit Gym, you may choose to ‘opt-out’ of the offer emails at any time. If you wish to be excluded from these now, please email us using the address above and confirm your full name and contact details to ensure we do this effectively.

Where is my information held?

All paper copies are held securely and all electronic information is stored in accordance with the GDPR encryption guidelines

Can I access my information?

Yes, you may request a copy of all the information we hold by writing to us, or sending an email. This is a free request and we will acknowledge your request within 48 hours and provide the details within 30 days.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Payments

All payments processed online via our website are processed by Stripe using their PCI Standard 3D secure platform. Stripe Inc follow the ‘Data Privacy Framework’ full details can be read on their website here.

Electronic card payments made in-person at our reception desk are processed by Worldpay terminal which is PCI-PTS 5.x certified and encrypted, to read their data privacy policy please visit their website here.