We, Sports and Leisure Management Limited (SLM), are the ‘controllers’ of the information we collect about you (‘personal data’). SLM trades under the names of Everyone Active, Everyone Spa and Everyone Events.
Our contact details are set out in section 16 of this policy.
We are registered with the ICO and our registration numbers are as follows;
- SLM Food and Beverage – ZA516092
- SLM Fitness and Health Limited – ZA508699
- Sports and Leisure Management Ltd – Z6576250
- SLM Community Leisure Charitable Trust – ZA516112
As controllers of your personal data, we are responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data such as the collection, use, storage, sharing and erasure of that data. We are committed to complying with data protection legislation in our handing of your personal data.
Quick links have been provided to help you find the section you wish to read.
You have certain rights in relation to your personal data including the right to object to the processing of your information in certain circumstances. Further information about your rights is included in section 13 of this policy.
2. Personal Data
‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collect and use of this type of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.
We will collect your personal data mostly through our contact with you and the data is usually provided by you but in some instances, we may receive data about you from other people or organisations. We will explain when this might happen in this policy.
3. What information do we collect and why?
We are committed to protecting your personal data and will only process the data if we need to for a specific purpose and providing we have a legal basis, as explained below.
There are various legal bases on which we may collect and process your data. We may have your consent, for example, you have informed us that you are happy for us to process your information for a specific purpose such as providing a service to you or receiving further information about what we do. Sometimes there is a contractual reason such as being able to process a monthly direct debit payment and deliver our services to you. If so, we will not be able to enter into a contract with you in the absence of the data. Occasionally there may be a legal reason for collecting or sharing data, such as for employees when we have to collect the information for the HMRC, or, should you have an accident, we may need to provide details of this to the relevant health and safety authorities. We may also process your data based on our legitimate business interests, for example, in order to operate and improve our business.
5. Data relating to children
Our services are used by people of all ages. SLM may accept website registrations and collect personal information from individuals under the age of 16. If you are under 16 we do not allow you to post information about yourself in any SLM forums or community areas. SLM accepts no liability if this instruction is ignored.
Children aged under 16 years must have a parent or guardian’s consent before providing personal information to us. We do not wish to collect any personal information without this consent.
SLM will not knowingly market to children aged under 16 years.
Proof of age maybe required and retained for access to some services.
6. How do we store and protect your personal information?
These are the basic guidelines we use to look after your personal data.
- We maintain secure systems to protect your personal information
- We respect your wishes about how we contact you, whether by post, telephone, email or text message
- We will update your information or preferences promptly when you ask us to
- We will respond fully to requests from you to see the information that we hold on you.
- We will not hold your personal information for longer than is necessary for our legitimate business purposes.
- We follow strict procedures when storing or handling information that you have given us. Some information is encrypted, such as payment transactions and password.
- We will never sell your personal information to a third party.
Transfers of data outside of the EEA
We will store most of your data on systems within the UK. For members using our Golf booking system we will need to transfer your personal data outside of the European Economic Area as the web-based services that we use are hosted outside of the EEA.
Where your data is transferred outside of the EEA we will ensure that there is a robust contract in place with safeguards to protect your personal data.
7. Retention Policy
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes we will delete this information if you request. See the contacts section to request your data to be deleted.
PoolView CCTV images used in the swimming pool are retained for 7 days, all other CCTV footage is stored for 5 days. In the event of an incident we may retain it until any investigations are concluded.
8. Services provided by contracted third parties
SLM may share information with third party organisations that provide specific services on our behalf which enhance our products and your experience with us. These organisations act as a Data Processor under our instructions. They may process data securely outside of the EU. There is a contract in place with each third party which includes strict terms and conditions to protect your privacy.
Our current processing partners include Aqua Passport, Precor, Technogym, Mediablaze, Jellyhaus, Gladstone, Innovatise, Acteol, Nutrition Complete, DigiTickets, Shopify, Volunteer Makers and Berforts.
Please note: Use of services provided by our partners Precor, Technogym and Nutrition Complete will be subject to the terms and conditions and/or Privacy Policies of these third party organisations. Please see the links to these third party terms that also apply above and beyond these here:
- Future Fit Training
- Xtreme Parties
9. Services provided by other third parties
Sometimes third parties will use our centres for delivering their own service. Where this takes place the third party will remain the controller of the data for the services that they provide. The data will not enter our database unless the individuals that take part in these services also provide us with their personal data directly or already appear within our database.
For these Services the third-party will be responsible for upholding and responding to the rights of individuals. Third parties that currently fall into this category are;
10. Leisure and Health Partners
SLM runs services on behalf of other organisations such as Local Authorities, NHS, Clinical Commissioning Groups and Trusts. These services are often run under a franchise or contract agreement. Data may be shared with these organisations at a summary level but not at a personable identifiable level unless you have told us we may do so through your marketing preferences. For our health related services, with your consent, we may share identifiable information with your GP and NHS services.
At the end of the management contract, if the service is to be run by another operator, SLM will forward on your details to the new operator so they can continue to provide the service to you without interruption. If you do not wish us to do this please send a request to SLM Head Office.
These organisations will be a Data Controller in their own rights, and where they do process your data will inform you directly or through their services such as a website about the data they hold and what processing they undertake.
11. Marketing Partners
SLM will never sell your personal information to any third party for marketing or other purposes.
In some cases, SLM works in partnership with another organisation to provide services to you. In these cases, the partner may contact you for marketing purposes if you have given the partner organisation your permission to do so. SLM partners who fall into this category are:
- Westway Trust, based in north west London, who run activities and events that they provide for their local community.
12. How do we use your information?
We use your information to help us provide and improve our services for you. We may use your information in the following ways.
- to provide you with any services that you have purchased or receive free as part of a health or other scheme
- to check your identity
- to check your eligibility where appropriate
- to update our records with any new information you give us
- to notify you if we will be unable to provide a service you have booked before
- to provide marketing communications (if you have given us your permission)
- for research and analysis so we can develop and improve our services for your benefit
- to tailor our communications to you to ensure relevance (if you do not want us to do this please contact us using the details below)
- to comply with legal requirements.
- To safeguard users of our services
13. Keeping you updated
There are certain communications we need to send to you so we can provide our services. We call these service communications and include for example notices about your direct debit payments, change of password, registration confirmations, appointment reminders and waiting list announcements. We would not be able to provide you with services if we did not send these.
We may from time to time contact you about our services or products we think you might find interesting by email, by post, telephone or SMS, but only if you have given us your permission to do so.
If you buy a service from us for a fixed period of time with a specific end date, such as an annual membership, we will contact you at the appropriate time to tell you that the service is coming to an end and how you can renew.
If you do not want us to contact you other than for service emails let us know when you next visit us or contact us using the details below. For Everyone Active website users you can do this by ticking the relevant box in the Permissions page in ‘My Settings and Preferences’ in your profile, or click on the ‘unsubscribe’ link on any emails we send. You may also opt-out of email or any other communications by contacting the support team – Data Protection, or by letting us know in one of our centres or health service groups.
14. Your rights to manage your personal data
Accuracy of data
We will always try to ensure the data we hold about you is accurate and relevant. If you believe the information we hold about you is out of date or incorrect, please tell a member of staff or see the contacting us section below. You will need a form of identification to request any changes.
Seeing your data – subject access request
You have the right to know what personal information we hold about you. This is called a Subject Access Request.
Removing your data
If you no longer use our services and products and wish us to delete your personal data we will do this if there are no legal or statutory regulations requiring us to keep this information.
You can restrict the processing of your data including some processing we do under legitimate business interests.
Transferring your data
In some circumstances you can ask us to transfer your information to another organisation.
Objection to processing
You can object to the processing of your data in certain circumstances such as marketing.
If we are relying on consent to process your data, you may withdraw your consent at any time by contacting us.
To exercise any of the above rights please write to us using the details set out in section 16.
Complaints about how we manage your data
If you are not happy about the way we manage your data please contact us as quickly as possible by contacting your centre or usual contacts for providing our service. You may also write to the Data Controller – who will investigate your complaint and get back to you as soon as possible. Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to uphold information rights. You have the right to contact them should you wish. Details can be found on their website: https://ico.org.uk/
15. Links to other websites
Our websites may contain links to and from external websites, advertisers and affiliates. If you follow a link to other sites please note that these will be governed by their own privacy policies. We cannot accept liability for data use on those websites.
17. Contacting us
In most instances it is best to contact us locally where you take part in our services such as the Leisure Centre or the Health Service you normally attend. We can usually deal with most of your queries here.
Alternatively, you can contact the Data Controller regarding any of your data protection rights by completing an online enquiry form here firstname.lastname@example.org or if you prefer write to us at the address below.
Sports and Leisure Management Limited
2 Watling Drive
Document last updated: 13th May 2022
- There are several companies related to Sports and Leisure Management Limited to which this policy relates. These include: Sports and Leisure Management Ltd, SLM Community Leisure Charitable Trust, Sunderland Lifestyle Partnership Ltd, SLM Fitness & Health Ltd, SLM Food & Beverage Ltd, Everyone Health Limited.