The new General Data Protection Regulation Act comes into effect from 25th May 2018. We have updated our Data Protection processes to reflect the new regulations.

The types of personal data that we collect and use:

Whether an individual becomes a member or not, we need to collect and use personal data for the reasons set out below. If the individual becomes a member we will use the data to ensure their health and safety whilst using the services and facilities at the club and to manage their contract and payments.

The personal data we will use may include:

  • Full name and personal contact information (e.g. home address, email and telephone numbers to use in case of emergency)
  • Date of birth and any health information (to ensure that we are able to provide advice on the safe levels of exercise and a programme for gym equipment use)

Providing your personal details:

We will inform an individual if some aspects of personal data are optional, including where we ask for consent to process it. An individual also has the right to change their mind at any time.

Using your personal data:

  1. It is necessary to perform our contract with a member:
    • To process a request to join the club
    • To decide whether or not to accept an application
    • To manage or perform that contract
    • To update our records
  2. To comply with legal obligations:
    • For compliance with legal and regulatory requirements regarding Health and Safety and financial regulations

Sharing personal data:

  • We use Harlands Group to manage our Direct Debits. They have extensive experience in statutory financial regulations and their own Data Protection Policy and procedure. This is the only company with whom we share any form of personal data.

We will use personal information to:

  • Let members know about any changes to class times or services
  • Let members know if the club has to close early
  • Advise of additional services and facilities included in their membership

Retention Period:

  • We will retain personal data for as long as is necessary to deal with a query (e.g. if your application is unsuccessful)
  • We will retain personal data for as long as an individual remains a member and for 36 months after a membership has lapsed in order to deal with any queries or to enable someone to re-join within that 36-month period without incurring joining fees. We also need to keep this information for 36 months in case of any injury / accident issues.
  • We will retain personal data based on statutory and legal requirements
Personal data rights:

  • The right to be informed about how data is processed
  • The right to have data corrected if it is inaccurate or incomplete
  • The right to object or restrict personal data processing
  • The right to have personal data erased
  • The right to request access to personal data

We have a Data Protection Compliance Folder containing:

  • Data Protection Privacy Policy
  • Record of Processing Activity
  • Data retention policy
  • Procedure for a response to a Subject Access Request
  • Procedure for a response to a Data Breach
  • Impact Assessment Template for Legitimate Interest purposes
  • Details of contractual arrangements with third party processors
  • Record of staff/volunteer training

We have a Record of Processing Activity containing:

  • Name and contact details of our organisation
  • Legal basis for processing
  • A description of the categories of data subjects and the personal data involved
  • Categories of recipients who will receive the data both in and outside of the EEA
  • Envisaged time limits for the retention of the different data categories
  • Description of technical and organisational security measures

The Board of Directors & Management Team
The Cranford Sports & Fitness Club
20th May 2018